Re: [Curdle] Some work for the group

Nikos Mavrogiannopoulos <nmav@redhat.com> Thu, 15 December 2016 08:03 UTC

Message-ID: <1481788992.2779.15.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Jim Schaad <ietf@augustcellars.com>, "'Dang, Quynh (Fed)'" <quynh.dang@nist.gov>, rsalz@akamai.com, curdle@ietf.org
Date: Thu, 15 Dec 2016 09:03:12 +0100
In-Reply-To: <0e1701d254c6$46509670$d2f1c350$@augustcellars.com>
References: <D4701965.2CFAB%qdang@nist.gov> <1481295892.20432.16.camel@redhat.com> <0e1701d254c6$46509670$d2f1c350$@augustcellars.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/YK_LN6sVj1Rux6ERKsHAighMPYM>
Subject: Re: [Curdle] Some work for the group
Precedence: list

On Mon, 2016-12-12 at 14:22 -0800, Jim Schaad wrote:

> > the 3rd is banned. I kind of understand what the authors try to
> > achieve, but
> > adding local policies into RFCs does not make much sense
> > (especially if the
> > policy is dubious as in this case; one option with this particular
> > curve is banned,
> > with the other curves it is fine). The option (2) is apparently
> > better than 3, but I
> > do not see why the existence of better option should prevent a CA
> > from using
> > option (3).
> > 
> > Similar argumentation could be made for banning Ed25519R1 since
> > Ed441 is
> > better.
> > 
> > I instead propose 2 alternatives, (a) remove the prehash option, or
> > (b) create an
> > RFC mandating policies for CAs, which algorithms they MUST use and
> > which not.
> > A CA can chose to follow them.
> I think that option B would be more for the CA Consortium that for
> the IETF to do. 

That is exactly my point with the MUST NOT requirement.

regards,
Nikos

[Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Phillip Hallam-Baker
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Phillip Hallam-Baker
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Jim Schaad
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Jim Schaad
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Phillip Hallam-Baker
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Brian Smith
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Brian Smith
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Ilari Liusvaara
Re: [Curdle] Some work for the group Daniel Migault
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Dang, Quynh (Fed)
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Peter Gutmann
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group santosh.chokhani
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group santosh.chokhani
Re: [Curdle] Some work for the group Salz, Rich
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Erwann Abalea
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Erwann Abalea
Re: [Curdle] Some work for the group Santosh Chokhani
Re: [Curdle] Some work for the group Santosh Chokhani
Re: [Curdle] Some work for the group Carl Wallace
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Carl Wallace
Re: [Curdle] Some work for the group Stephen Farrell
Re: [Curdle] Some work for the group Yoav Nir
Re: [Curdle] Some work for the group Peter Gutmann
Re: [Curdle] Some work for the group Manger, James
Re: [Curdle] Some work for the group Peter Gutmann
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Russ Housley
Re: [Curdle] Some work for the group Peter Gutmann
Re: [Curdle] Some work for the group Nikos Mavrogiannopoulos
Re: [Curdle] Some work for the group Peter Gutmann
Re: [Curdle] Some work for the group Salz, Rich