Re: [Acme] I-D Action: draft-ietf-acme-integrations-13.txt

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 12 February 2023 18:37 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "acme@ietf.org" <acme@ietf.org>, spasm@ietf.org
cc: "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org>, emu@ietf.org
In-Reply-To: <DS0PR11MB64453FF79D847F7FBCB1D74CDBDE9@DS0PR11MB6445.namprd11.prod.outlook.com>
References: <167605854321.43518.7024746076299481254@ietfa.amsl.com> <DS0PR11MB64453FF79D847F7FBCB1D74CDBDE9@DS0PR11MB6445.namprd11.prod.outlook.com>
Date: Sun, 12 Feb 2023 13:37:43 -0500
Message-ID: <10618.1676227063@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/DEg5xJlne-wx6aMsej_OfS2EXzM>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-integrations-13.txt

Owen Friel \(ofriel\) <ofriel=40cisco.com@dmarc.ietf.org> wrote:
    > This addresses all issues raised on the mailers. The issues and
    > associated fixes can all be seen at:
    > https://github.com/upros/acme-integrations/issues?q=is%3Aissue+

    > The authors noticed one issue related to Joe Salowey's feedback on
    > tls-unique channel binding:

    > An update for TEAP is underway that can be used to address channel
    > binding in TLS1.3 using RFC9266.

which I think is specified in draft-ietf-emu-tls-eap-types-04, section 2.2.

    > However, there is no currently planned update for EST RFC7030 to
    > specify how to use RFC9266. EST only references tls-unique. How should
    > we proceed here?

AFAIK, a TLS1.3 exporter just needs a string to be specified somewhere.
Where should we specify this?

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
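
Added example, not part of the original message or of any draft: the TLS 1.3 exporter computation from RFC 8446 section 7.5, run with the label, empty context and 32-byte length that RFC 9266 registers for "tls-exporter" channel binding. The function names, the exporter master secret and the second label are constructed for illustration.

```python
import hashlib
import hmac

def hkdf_expand(secret: bytes, info: bytes, length: int, hash_name: str) -> bytes:
    """HKDF-Expand (RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes,
                      length: int, hash_name: str) -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1): HkdfLabel is length, label, context."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length, hash_name)

def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes,
                   length: int, hash_name: str = "sha256") -> bytes:
    """TLS-Exporter(label, context_value, key_length) from RFC 8446 section 7.5."""
    empty_hash = hashlib.new(hash_name, b"").digest()
    # Derive-Secret(Secret, label, "") uses the hash of the empty transcript.
    derived = hkdf_expand_label(exporter_master_secret, label, empty_hash,
                                len(empty_hash), hash_name)
    context_hash = hashlib.new(hash_name, context).digest()
    return hkdf_expand_label(derived, b"exporter", context_hash, length, hash_name)

# Parameters registered by RFC 9266 for the "tls-exporter" binding type.
RFC9266_LABEL = b"EXPORTER-Channel-Binding"
RFC9266_LENGTH = 32

def tls_exporter_channel_binding(exporter_master_secret: bytes,
                                 hash_name: str = "sha256") -> bytes:
    """Channel binding value both TLS endpoints compute independently."""
    return tls13_exporter(exporter_master_secret, RFC9266_LABEL, b"",
                          RFC9266_LENGTH, hash_name)

if __name__ == "__main__":
    ems = bytes(range(32))  # constructed secret; a real one comes from the handshake
    print("tls-exporter:", tls_exporter_channel_binding(ems).hex())
    # Constructed placeholder label: a different string gives an unrelated value.
    print("other label :", tls13_exporter(ems, b"EXPORTER-placeholder", b"", 32).hex())
```

In a deployed stack the exporter master secret is not exposed; the same value comes from the TLS library's exporter interface, called with the label and an empty context.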