Re: [Anima] representing ACP info in X.509 certs

Stephen Kent <stkent@verizon.net> Tue, 23 June 2020 15:46 UTC

To: "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>
Cc: Anima WG <anima@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/U-sBHp953UO43-cKk9VaUYo4uA0>

Owen,
>
> Being completely pedantic about the RFC5280 text, nowhere in the text 
> does it say that rfc822name cannot be used for anything but email 
> address. It does state multiple times that an email address must be 
> represented as an rfc822name, but places no explicit restrictions on 
> what an rfc822name may represent. The text as is does not explicitly 
> preclude use of rfc822name for ACP. This may be the widespread 
> understanding of what RFC5280 means, but it's not strictly what it says…
>
Common sense argues against putting something other than an e-mail 
address in the rfc822name attribute.

I expect ADs to use common sense, as well as careful reading of prior 
RFCs, when making decisions.

Steve