Re: [Anima] representing ACP info in X.509 certs

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 23 June 2020 20:34 UTC

To: Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>, "Owen Friel (ofriel)" <ofriel=40cisco.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>
Cc: Anima WG <anima@ietf.org>, rfcSELF+fd89b714F3db00000200000064000000+area51.research@acp.example.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/tILbkxfa_HSKBlJegFSMHAQJXuw>


Regards
   Brian Carpenter

On 24-Jun-20 03:46, Stephen Kent wrote:
> Owen,
>>
>> Being completely pedantic about the RFC5280 text, nowhere in the text does it say that rfc822name cannot be used for anything but email address. It does state multiple times that an email address must be represented as an rfc822name, but places no explicit restrictions on what an rfc822name may represent. The text as is does not explicitly preclude use of rfc822name for ACP. This may be the widespread understanding of what RFC5280 means, but it's not strictly what it says…
>>
> Common sense argues against putting something other than an e-mail address in the rfc822name attribute.
> 
> I expect ADs to use common sense, as well as careful reading of prior RFCs, when making decisions.

Indeed, but that cuts both ways, since running code is our goal. No parser is in a position to say that rfcSELF+fd89b714F3db00000200000064000000+area51.research@acp.example.com isn't an email address.

   Brian

> 
> Steve
>
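
Added example, not part of the original message or of any ANIMA code: a syntax-only addr-spec check (RFC 5322 dot-atom form) accepts the address quoted in the thread, so a relying party that wants to treat ACP names differently from mailboxes has to test for the convention explicitly. The ACP layout used here (`rfcSELF`, `+`, 32 hex digits, `+`, optional subdomain) is an assumption inferred from that one address, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 5322 "atext": the characters a generic mail parser allows in a dot-atom.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = re.compile(_ATEXT + r"(?:\." + _ATEXT + r")*\Z")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(_LABEL + r"(?:\." + _LABEL + r")+\Z")

# Assumed ACP layout, inferred from the address on the page:
#   "rfcSELF" "+" <32 hex digits = 128-bit address> "+" <optional subdomain>
_ACP_LOCAL = re.compile(r"rfcSELF\+([0-9A-Fa-f]{32})\+([A-Za-z0-9.-]*)\Z")
_ULA = ipaddress.ip_network("fc00::/7")  # IPv6 unique local addresses


def is_addr_spec(value):
    """Syntax-only test a generic parser applies: dot-atom "@" domain."""
    local, sep, domain = value.rpartition("@")
    return bool(sep and _DOT_ATOM.match(local) and _DOMAIN.match(domain))


def parse_acp_name(value):
    """Return the ACP fields, or None when the value lacks the ACP layout."""
    if not is_addr_spec(value):
        return None
    local, _, domain = value.rpartition("@")
    match = _ACP_LOCAL.match(local)
    if match is None:
        return None
    address = ipaddress.IPv6Address(bytes.fromhex(match.group(1)))
    return {"address": address, "rsub": match.group(2), "domain": domain,
            "is_ula": address in _ULA}


def classify(value):
    """Label an rfc822Name value as 'acp', 'email' or 'invalid'."""
    if not is_addr_spec(value):
        return "invalid"
    return "acp" if parse_acp_name(value) else "email"


if __name__ == "__main__":
    samples = [
        # Address quoted in the thread.
        "rfcSELF+fd89b714F3db00000200000064000000+area51.research@acp.example.com",
        "alice@example.com",        # constructed ordinary mailbox
        "rfcSELF+1234@example.com",  # constructed: valid mail syntax, not ACP layout
        "not an address",            # constructed: fails the syntax check
    ]
    for sample in samples:
        print(classify(sample), parse_acp_name(sample))
```
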