Re: [Acme] AD Review of draft-ietf-acme-email-smime-07
Ryan Sleevi <ryan-ietf@sleevi.com> Fri, 29 May 2020 17:27 UTC
Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2A13A099E for <acme@ietfa.amsl.com>; Fri, 29 May 2020 10:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APwr_4AN5wli for <acme@ietfa.amsl.com>; Fri, 29 May 2020 10:27:34 -0700 (PDT)
Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1E5C3A08EB for <acme@ietf.org>; Fri, 29 May 2020 10:27:33 -0700 (PDT)
Received: by mail-lf1-f41.google.com with SMTP id x27so134370lfg.9 for <acme@ietf.org>; Fri, 29 May 2020 10:27:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KxmtcS4TkxPM0yAmV1c7mhOoQzayVhmG9KK99hH/44M=; b=kfAdslr6lUQvx6Hjd0h/v36nb32m7una5y70fZJnafgteEr3IrMcCiz1+XMZcBQ9eW pohk07e5JQsP4CcfHe9LE7lx7NhEDSa03vWvk7nYsjwEzaK5q72iKOBaEZntllBzXyBY DUEYu/No0a9YLuSpthMlub6yWDmNJZtJ48M76L5A5uIu02+GQXxc91dnCC8APGaPSlNy goLjBmVQY7ketEYvPvGepbwyGJKo3otW7IqBP2CbJdPP6zhy8fZNWxcjP3VhneYuw3Zl QsF77fPJO3t/j878N7fPP6igU6tv8TVPHwOjVck52b8wX9CBlZ0q13AYzKoLnYtmV8XT cc7w==
X-Gm-Message-State: AOAM5334C6P1lXD/rV+7MLwFsYgTigTHSlNBCW1L/cxnTaSb/J7N9Crd Xu0xTwYjhXZ9eNTG+bzHsq1lbJf7
X-Google-Smtp-Source: ABdhPJy261vbBJspRVDAMTHREHqF/EccrlbuKFQUqPk+cV7cJSDNBDv+hte1drgk293Z6rR3OCJ95g==
X-Received: by 2002:a19:500e:: with SMTP id e14mr4904610lfb.88.1590773251570; Fri, 29 May 2020 10:27:31 -0700 (PDT)
Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com. [209.85.208.171]) by smtp.gmail.com with ESMTPSA id 72sm2383286lfa.52.2020.05.29.10.27.31 for <acme@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 29 May 2020 10:27:31 -0700 (PDT)
Received: by mail-lj1-f171.google.com with SMTP id b6so222035ljj.1 for <acme@ietf.org>; Fri, 29 May 2020 10:27:31 -0700 (PDT)
X-Received: by 2002:a2e:a374:: with SMTP id i20mr4489466ljn.382.1590773250997; Fri, 29 May 2020 10:27:30 -0700 (PDT)
MIME-Version: 1.0
References: <8ecce2820f344c34a124bffa95bd20b6@cert.org> <c8762036-fc0d-1012-98f3-4bf1ce72cb25@isode.com> <4B141F9D-3F3C-41F8-ABA4-98A3EEAEDB7B@vigilsec.com>
In-Reply-To: <4B141F9D-3F3C-41F8-ABA4-98A3EEAEDB7B@vigilsec.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Fri, 29 May 2020 13:27:20 -0400
X-Gmail-Original-Message-ID: <CAErg=HEG2q3PBzqvGf-xWwhBTEmCaFyaHPQhUnqwC+djWSx=cg@mail.gmail.com>
Message-ID: <CAErg=HEG2q3PBzqvGf-xWwhBTEmCaFyaHPQhUnqwC+djWSx=cg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: IETF ACME <acme@ietf.org>, "Roman D. Danyliw" <rdd@cert.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ddYmw0CeD2nJj7Cuorydf5jCy58>
Subject: Re: [Acme] AD Review of draft-ietf-acme-email-smime-07
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 May 2020 17:27:36 -0000
On Fri, May 29, 2020 at 1:08 PM Russ Housley <housley@vigilsec.com> wrote: > >> ** What was the thinking behind the document status being informational? > > I don't think there was much thought or discussion of this point. I am flexible. I think when I started it was not very clear how much support/interest there were in this, but I noticed more interest over time. > > I would like to see standards track. I wonder what other in the ACME WG think. With my acknowledged bias towards thinking about policies around CAs trusted in my employer's products, I think Informational makes sense. I mention this largely because work is still ongoing within the broader CA/Root Store industry around establishing requirements around the issuance and validation of S/MIME certificates, and it's not at all inconceivable to think things may need to change or be adjusted to be used within those PKIs. The issuance practices and required level of validation / validation process are not as well or widely established and documented, nor are the expectations across vendors as consistent, and so it's difficult to see that there's a lot of "running code" for this model, in terms of CAs or Root Stores. It's also not inconceivable that this may be fine as-is. I'll be the first to readily admit that while I've read the document, I've not read it to a degree that I'd be fully comfortable allowing it for use by CAs that I might delegate to. While I don't for a second think that alone is somehow reasonable to suggest Informational, when I look at the broader sector of folks who have engaged within ACME on the draft, I don't see a a wide variety of participants on the list or in the minutes, and that makes me think that the lack of detailed review by existing industry implementers may be a bit more wide-spread. At the end of the day, I take the view that the question about whether this provides "sufficient" assurance is going to be situational; it depends on the needs and policies of the mail provider, the CAs, the relying parties, MTAs, and root stores. That may be reason to think of this on the "Experimental" or "Informational" spectrum, or it may be that folks believe the particular mechanism is well-specified enough that it deserves to be on the "Standards" track, and whether or not parties implement or adopt that standard is entirely orthogonal. Given that this spec describes a very specific method of providing assurance, and not just a general protocol for assurance establishment, I do lean towards Informational/Experimental.
- [Acme] AD Review of draft-ietf-acme-email-smime-07 Roman Danyliw
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Salz, Rich
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Alexey Melnikov
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Russ Housley
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Ryan Sleevi
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Roman Danyliw
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Alexey Melnikov
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Roman Danyliw
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Roman Danyliw
- Re: [Acme] AD Review of draft-ietf-acme-email-smi… Alexey Melnikov