ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [smime] [Technical Errata Reported] RFC2633 (5019)

2017-05-15 04:23:26
from [Josh Soref] [Permanent Link] 
https://tools.ietf.org/html/rfc5751 says:
   id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}
   SMIMEEncryptionKeyPreference ::= CHOICE {
      issuerAndSerialNumber   [0] IssuerAndSerialNumber,
      receipentKeyId          [1] RecipientKeyIdentifier,
      subjectAltKeyIdentifier [2] SubjectKeyIdentifier
   }

   -- receipentKeyId is spelt incorrectly, but kept for historical
   -- reasons.

I'm trying to ask for a similar note.
Responding with reject and not suggesting a way forward is insulting.

Instead of responding "reject". Someone could have checked the related
documents and suggested that this would have been the correct way to
address my concern.
No one did that.
No one really suggested that a fix would need to be applied to multiple
RFCs or whatever the correct approach would be.

As Peter notes, and I'm paraphrasing, just because a section isn't examined
doesn't mean it's correct. I'd argue that given that this general section
indeed has other typos, it's likely that it's in fact a dark corner with
less review.

Picking between editorial and technical is fairly hard. I generally send
both kinds of feedback and this is clearly near the edge. It isn't a comma
or similar. Changing the spelling would as noted by someone here
potentially break clients that consume human readable formats.

The reason I sent this feedback in the first place is that I was searching
for spelling errors in a derived product and identified this one. No one
rejected it as "not a spelling error", they didn't try to defend it as "a
proper abbreviation". The only concern that was raised was that it would be
an API change and impact interoperability. At which point I realized that
it was probably from the RFC and came here to raise the issue.

The errata tool forces over to choose between technical and editorial.
Given that had I made the downstream change it would have technically
broken clients if the tool I was using, technical felt like the right
choice.

A call-out is needed to tell implementers "this is misspelled in the source
and if you use the correct spelling, you will break something". Whether
that be done using shorthand "[sic]" or longhand as in the later RFC quoted
above is immaterial to me.

As for who has seen this error, I think I run into it every 5 or so years
when I run a similar tool against​a different system (historically this
would have been Mozilla mail or NSS).

If you need to consult with the RFC editor for the correct way forward,
then you should do that. Just as Peter took the effort to consult the
original author.

When I attended W3C meetings, an IETF representative would occasionally
come and try to encourage people to participate in IETF. This is not how
one encourages participation.

On May 14, 2017 6:38 PM, "Jim Schaad" <ietf(_at_)augustcellars(_dot_)com> wrote:

I did not intend to be offensive, and I apologize if you have found it so.



I thought that I offered two reasons why the current suggested errata was
incorrect.  If they were both fixed, then I do not know what my position on
this suggestion would be.



I am unclear if the use of sic as presented in the errata is correct or
not.  I would need to ask the RFC editor on that point, but if this was
editorial and held for update then that is not of any immediate
importance.  My general understanding is that “sic” is used, not in
original source material, but in quotes to say that I did a faithful
transcription of what was in the original document and the spelling (or
other) errors are theirs and not mine.  That would be a question for others
and not for me.  This could be a correct usage that I am unaware of.



Going back and looking at RC 2616, it is clear that this is a technical
issue in that document.  The string “Referer” appears as bits transported
on the wire and needs to be spelt as it is in the document rather than
having the spelling corrected.  If the correct spelling is used, there
would be an interoperability issue.  This makes the usage of “sic” correct
in this location and it would have been a technical errata if it was raised.



The use of the errata mechanism is an appropriate method for raising these
types of issues, however it must be recognized that we do not all have the
same level of significance when it comes to technical vs editorial.  Some
people are more strict in terms of how significant an errata issue affects
the document and consider anything which, even if it might lead to
difference of opinion on implementation, to be editorial.  I think however,
that this suggestion was clearly editorial in nature as it would not cause
confusion in how things are to be implemented or change bits on the wire if
one were to change the string in the ASN.1 file.



Jim





*From:* Josh Soref [mailto:jsoref(_at_)gmail(_dot_)com]
*Sent:* Sunday, May 14, 2017 1:43 PM
*To:* Jim Schaad <ietf(_at_)augustcellars(_dot_)com>
*Cc:* Paul Hoffman <paul(_dot_)hoffman(_at_)vpnc(_dot_)org>; IETF SMIME 
<smime(_at_)ietf(_dot_)org>;
Eric Rescorla <ekr(_at_)rtfm(_dot_)com>; Russ Housley 
<housley(_at_)vigilsec(_dot_)com>; Kathleen
Moriarty <Kathleen(_dot_)Moriarty(_dot_)ietf(_at_)gmail(_dot_)com>
*Subject:* RE: [smime] [Technical Errata Reported] RFC2633 (5019)



Ok. Let's say that I'm new to IETF process. The feedback provided so far is
offensive.



Please suggest the proper way to annotate that there is an error in a
number of the documents hosted by IETF.



Clearly someone successfully ridiculed IETF once such that future standards
appropriately included "[sic]" wherever "referer" is used. It shouldn't be
hard to suggest to a submitter the correct way to do that today, decades
later.



On May 14, 2017 4:35 PM, "Jim Schaad" <ietf(_at_)augustcellars(_dot_)com> wrote:

The name chosen has absolutely no change of what is one the wire.   That
means that this is at best editorial and is definitely not technical.



This is only going to affect those people who decide to use autogenerated
constant names from the ASN.1 file.  The suggested change would make for an
invalid ASN.1 file so it not correct.  Changing this name at this point
would be a hassle for any one doing auto generation and highlighting that
this is not, in some sense, a word does not affect the standard in any way.



This should be rejected.



Jim





*From:* smime [mailto:smime-bounces(_at_)ietf(_dot_)org] *On Behalf Of *Russ 
Housley
*Sent:* Sunday, May 14, 2017 10:55 AM
*To:* Josh Soref <jsoref(_at_)gmail(_dot_)com>
*Cc:* Kathleen Moriarty 
<Kathleen(_dot_)Moriarty(_dot_)ietf(_at_)gmail(_dot_)com>; Paul Hoffman <
paul(_dot_)hoffman(_at_)vpnc(_dot_)org>; Eric Rescorla 
<ekr(_at_)rtfm(_dot_)com>; IETF SMIME <
smime(_at_)ietf(_dot_)org>
*Subject:* Re: [smime] [Technical Errata Reported] RFC2633 (5019)



It is the name that the author chose to use in the ASN.1.  If it was a
typo, then it would have been changed in the subsequent update to the RFC.



Russ





On May 14, 2017, at 1:44 PM, Josh Soref <jsoref(_at_)gmail(_dot_)com> wrote:



It isn't an abbreviation, other tokens are clearly longer such as
signingCertificate and smimeEncryptCerts. It's likely that the errata
applies to multiple RFCs.



On May 14, 2017 1:15 PM, "Russ Housley" <housley(_at_)vigilsec(_dot_)com> wrote:

I believe that this errata should be rejected.  The author used an
abbreviation, and the same spelling is used in RFC 3851.

Russ



On May 14, 2017, at 12:35 PM, RFC Errata System 
<rfc-editor(_at_)rfc-editor(_dot_)org>

wrote:


The following errata report has been submitted for RFC2633,
"S/MIME Version 3 Message Specification".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5019

--------------------------------------
Type: Technical
Reported by: Josh Soref <jsoref(_at_)gmail(_dot_)com>

Section: 5

Original Text
-------------
id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}


Corrected Text
--------------
id-aa-encrypKeyPref [sic] OBJECT IDENTIFIER ::= {id-aa 11}

Notes
-----
encryp isn't a word, it's a typo. Unfortunately, like http's (rfc1945)

referer [sic] before it, this is now part of the API.


This error should be highlighted (as rfc2068 does for referer [sic]) so

that people are aware that the natural spelling doesn't apply.


If it's possible for a revised RFC to be published suggesting the correct

spelling w/ a way for clients/servers to handle the old spelling, that
would be nice, but based on precedent, that seems unlikely.


Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC2633 (draft-ietf-smime-msg-08)
--------------------------------------
Title               : S/MIME Version 3 Message Specification
Publication Date    : June 1999
Author(s)           : B. Ramsdell, Ed.
Category            : PROPOSED STANDARD
Source              : S/MIME Mail Security
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime

_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [smime] [Technical Errata Reported] RFC2633 (5019), Blake Ramsdell
Next by Date:  Re: [smime] [Technical Errata Reported] RFC2633 (5019), Sean Turner
Previous by Thread:  Re: [smime] [Technical Errata Reported] RFC2633 (5019), Jim Schaad
Next by Thread:  Re: [smime] [Technical Errata Reported] RFC2633 (5019), Sean Turner
Indexes:  [Date] [Thread] [Top] [All Lists]