Re: [Anima] Alexey Melnikov's Discuss on draft-ietf-anima-bootstrapping-keyinfra-22: (with DISCUSS and COMMENT)

"Alexey Melnikov" <aamelnikov@fastmail.fm> Thu, 18 July 2019 16:06 UTC

Date: Thu, 18 Jul 2019 17:06:06 +0100
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: The IESG <iesg@ietf.org>, draft-ietf-anima-bootstrapping-keyinfra@ietf.org, tte+ietf@cs.fau.de, anima@ietf.org, anima-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/GLavLD9Cwb-ho_H-__cdVYQASso>

Hi Michael,

On Tue, Jul 16, 2019, at 6:12 PM, Michael Richardson wrote:
> Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
>     > 1) In Section 5:
> 
>     >    o In the language of [RFC6125] this provides for a SERIALNUM-ID
>     > category of identifier that can be included in a certificate and
>     > therefore that can also be used for matching purposes.  The
>     > SERIALNUM-ID whitelist is collated according to manufacturer trust
>     > anchor since serial numbers are not globally unique.
> 
>     > I think now you are just inventing things. Please define what exactly
>     > SERIALNUM-ID is. Cut & paste text from RFC 6125, if needed.
> 
> https://github.com/anima-wg/anima-bootstrap/commit/2f4cee70fc583c60a4589c983043a346ac0145ea
> 
> new text reads:
>         This extends the informal set of "identifier type" values defined in
>         <xref target="RFC6125" /> to include a SERIALNUM-ID
>         category of identifier that can be
>         included in a certificate and
>         therefore that can also be used for matching
>         purposes. As noted
>         in that document this is not a formal definition as
>         the underlying
>         types have been previously defined elsewhere. The
>         SERIALNUM-ID whitelist is collated
>         according to manufacturer
>         trust anchor since serial numbers are not globally
>         unique.

This is actually not helping. I was looking for something like:

  DNS-ID = a subjectAltName entry of type dNSName

Basically I was asking for a definition of SERIALNUM-ID somewhere.

Best Regards,
Alexey
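The quoted draft text says the SERIALNUM-ID whitelist is "collated according to manufacturer trust anchor since serial numbers are not globally unique". The following is an added illustration of why that collation matters, written for this page and not code from the draft, the anima-bootstrap repository or either correspondent. It models the whitelist as a set keyed by (manufacturer trust anchor fingerprint, serial number) and contrasts it with a serial-only list. The `DeviceIdentity` and `SerialNumWhitelist` names, the two constructed byte strings standing in for manufacturer CA certificates, and the exact-match comparison rule for serial numbers are all assumptions made for the example.

```python
"""Collate a SERIALNUM-ID whitelist by manufacturer trust anchor (hypothetical example).

A device serial number is only unique within one manufacturer, so a registrar
that keys its whitelist on the serial alone would also accept a device from a
different manufacturer that happens to carry the same serial string.
"""
import hashlib
from typing import NamedTuple, Set, Tuple


def anchor_fingerprint(anchor_der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a manufacturer trust anchor's DER encoding."""
    return hashlib.sha256(anchor_der).hexdigest()


class DeviceIdentity(NamedTuple):
    """What a registrar learns after validating a device's IDevID certificate."""
    serial_number: str  # assumed: value of the X.520 serialNumber attribute in the subject
    anchor_der: bytes   # DER of the manufacturer CA that the IDevID chained to


class SerialNumWhitelist:
    """Whitelist keyed by (manufacturer trust anchor fingerprint, serial number)."""

    def __init__(self) -> None:
        self._entries: Set[Tuple[str, str]] = set()

    def allow(self, anchor_der: bytes, serial_number: str) -> None:
        """Authorise one serial number, but only when issued under this trust anchor."""
        self._entries.add((anchor_fingerprint(anchor_der), serial_number))

    def is_allowed(self, device: DeviceIdentity) -> bool:
        # Assumed comparison rule: exact, case-sensitive string equality on the serial.
        key = (anchor_fingerprint(device.anchor_der), device.serial_number)
        return key in self._entries


def naive_serial_only_match(serials: Set[str], device: DeviceIdentity) -> bool:
    """The weak alternative: ignores which manufacturer issued the identity."""
    return device.serial_number in serials


# Constructed sample data: these byte strings stand in for real DER-encoded CA certificates.
ACME_ANCHOR = b"constructed-DER-for-ACME-manufacturer-CA"
OTHER_ANCHOR = b"constructed-DER-for-OTHER-manufacturer-CA"


def build_example_whitelist() -> SerialNumWhitelist:
    """Whitelist two ACME devices; nothing from any other manufacturer."""
    wl = SerialNumWhitelist()
    wl.allow(ACME_ANCHOR, "SN-0001")
    wl.allow(ACME_ANCHOR, "SN-0002")
    return wl


if __name__ == "__main__":
    wl = build_example_whitelist()
    acme_dev = DeviceIdentity("SN-0001", ACME_ANCHOR)
    other_dev = DeviceIdentity("SN-0001", OTHER_ANCHOR)  # same serial, different manufacturer
    print("collated whitelist, ACME SN-0001 :", wl.is_allowed(acme_dev))
    print("collated whitelist, OTHER SN-0001:", wl.is_allowed(other_dev))
    print("serial-only list,   OTHER SN-0001:", naive_serial_only_match({"SN-0001"}, other_dev))
```

The serial-only list accepts the second device because the string matches, while the collated whitelist rejects it because the identity was validated under a different manufacturer's trust anchor. In a real registrar the fingerprint would be computed over the actual CA certificate that the IDevID chain terminated at, not over a placeholder byte string as here.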