[Acme] Fwd: New Version Notification for draft-wendt-acme-authority-token-jwtclaimcon-00.txt
Chris Wendt <chris@appliedbits.com> Wed, 05 March 2025 09:52 UTC
Hi acme WG/chairs,

I would like to request some time on the acme agenda for IETF 122, if available, to discuss this draft, or perhaps this can happen on the list.

It is a proposed profile of the authority token [RFC9447] and is complementary to the TNAuthList Authority Token Profile [RFC9448], addressing another challenge for the issuance of STI certificates [RFC8226] as defined in stir WG specific to JWT ClaimConstraints extension.

I’m hoping the effort to define this profile is a straightforward effort and I would plan to keep stir WG engaged on this as well; I plan to discuss in stir WG meeting as well.

Thanks!
-Chris

Begin forwarded message:

> From: internet-drafts@ietf.org
> Date: March 3, 2025 at 12:01:58 PM GMT+1
> To: Chris Wendt <chris@appliedbits.com>, David Hancock <davidhancock.ietf@gmail.com>
> Subject: New Version Notification for draft-wendt-acme-authority-token-jwtclaimcon-00.txt
>
> A new version of Internet-Draft
> draft-wendt-acme-authority-token-jwtclaimcon-00.txt has been successfully
> submitted by Chris Wendt and posted to the
> IETF repository.
>
> Name:     draft-wendt-acme-authority-token-jwtclaimcon
> Revision: 00
> Title:    JWTClaimConstraints profile of ACME Authority Token
> Date:     2025-03-03
> Group:    Individual Submission
> Pages:    16
> URL:      https://www.ietf.org/archive/id/draft-wendt-acme-authority-token-jwtclaimcon-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-wendt-acme-authority-token-jwtclaimcon/
> HTMLized: https://datatracker.ietf.org/doc/html/draft-wendt-acme-authority-token-jwtclaimcon
>
>
> Abstract:
>
>   This document defines an authority token profile for handling the
>   validation of JWTClaimConstraints and Enhanced JWTClaimConstraints.
>   This profile follows the model established in Authority Token for the
>   validation of TNAuthList but is specifically tailored for the
>   JWTClaimConstraints certificate extensions. The profile enables
>   validation and challenge processes necessary to support certificates
>   containing both TNAuthList and JWTClaimConstraints, particularly in
>   the context of Secure Telephone Identity (STI).
>
>
>
> The IETF Secretariat