Re: [Dance] [SCITT] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries

Dick Brooks <dick@reliableenergyanalytics.com> Thu, 08 June 2023 15:28 UTC

Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Orie Steele' <orie@transmute.industries>, dance@ietf.org
Cc: jacques.latour@cira.ca, uta@ietf.org, 'scitt' <scitt@ietf.org>
References: <CAN8C-_KcJ8G+QX99SA859N=oS8-cXqziy-WwovV7jUS6GM29EQ@mail.gmail.com>
In-Reply-To: <CAN8C-_KcJ8G+QX99SA859N=oS8-cXqziy-WwovV7jUS6GM29EQ@mail.gmail.com>
Date: Thu, 08 Jun 2023 11:28:26 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <496501d99a1d$dfa175d0$9ee46170$@reliableenergyanalytics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/E8nuUsutQJCrOTpmadicYt44vso>

The NTIA SBOM initiative discussed the potential use of URIs based on an IANA-registered DNS syntax:

"SupplierID": "dns:reliableenergyanalytics.com"


Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! ™ <https://reliableenergyanalytics.com/products>
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788


From: SCITT <scitt-bounces@ietf.org> On Behalf Of Orie Steele
Sent: Thursday, June 8, 2023 11:22 AM
To: dance@ietf.org
Cc: jacques.latour@cira.ca; uta@ietf.org; scitt <scitt@ietf.org>
Subject: Re: [SCITT] Leveraging DNS in Digital Trust: Credential Exchanges and Trust Registries


Original thread: https://mailarchive.ietf.org/arch/msg/dance/g0eSMxmZzb1ucsFtgkVkICV5Hh8/

I read https://www.ietf.org/archive/id/draft-latour-dns-and-digital-trust-00.html

Previously I had read:
- https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/
- https://identity.foundation/.well-known/resources/did-configuration/ (I'm co-author)

I don't understand the role that "example-issuer.ca" is playing in these records.

Why is there a need to structure the record "key" to include CA information?

Is https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/ relevant to this conversation?

I wanted to share some related work, from BlueSky:

They support linking https://www.w3.org/TR/did-core/ to specific domains; this allows for the natural control of a domain to be used to establish the natural authority of an identifier.

For example:

dig -t txt _atproto.wyden.senate.gov | grep 'did=' | grep -o '"did=.*"' | jq -r 'split("=")[1]'

https://github.com/w3c/did-spec-registries/pull/515

I would like to see a standard way to link decentralized identifiers to domains documented somewhere at IETF.

Including UTA & SCITT in case there are folks with relevant comments.

Regards,

OS

--

ORIE STEELE
Chief Technology Officer
www.transmute.industries
<https://transmute.industries/>
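The `_atproto` TXT lookup in the quoted message, written out as a resolver a verifier could run, is an added example and not code from either poster or from BlueSky. It parses constructed `dig` output (not a real query result), joins split TXT character-strings, checks the DID against the did-core syntax (simplified to its ABNF subset), and refuses ambiguous answers where more than one `did=` record exists, which the grep/jq pipeline would silently pass through.

```python
import re

# DID syntax per W3C did-core ABNF (did:<method>:<method-specific-id>);
# idchar = ALPHA / DIGIT / "." / "-" / "_" / pct-encoded (simplified here).
IDCHAR = r"(?:[A-Za-z0-9._-]|%[0-9A-Fa-f]{2})"
DID_RE = re.compile(rf"^did:[a-z0-9]+:(?:{IDCHAR}*:)*{IDCHAR}+$")

# Constructed sample dig output for a hypothetical handle (not a real domain).
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
_atproto.example.test.\t300\tIN\tTXT\t"did=did:plc:example0123456789abcdef"
_atproto.example.test.\t300\tIN\tTXT\t"v=spf1 -all"
"""


def txt_records(dig_output: str, owner: str) -> list[str]:
    """Return the TXT RDATA strings whose owner name matches `owner`.

    A TXT record may carry several quoted character-strings; they are
    concatenated, as a resolver would, before the value is interpreted.
    """
    out = []
    for line in dig_output.splitlines():
        if line.startswith(";") or not line.strip():
            continue  # dig comment or blank line
        fields = line.split(None, 4)  # owner ttl class type rdata
        if len(fields) != 5 or fields[3] != "TXT":
            continue
        if fields[0].rstrip(".").lower() != owner.rstrip(".").lower():
            continue  # ignore records for other names (e.g. CNAME chains)
        out.append("".join(re.findall(r'"((?:[^"\\]|\\.)*)"', fields[4])))
    return out


def resolve_handle_did(dig_output: str, handle: str) -> str:
    """Map a domain handle to exactly one syntactically valid DID.

    Raises ValueError when zero or several did= records are present (the
    assertion is ambiguous) or when the DID does not parse.
    """
    owner = f"_atproto.{handle}"
    dids = [r[len("did="):] for r in txt_records(dig_output, owner)
            if r.startswith("did=")]
    if len(dids) != 1:
        raise ValueError(f"expected exactly one did= record, found {len(dids)}")
    if not DID_RE.match(dids[0]):
        raise ValueError(f"malformed DID in TXT record: {dids[0]!r}")
    return dids[0]
```

The DNS answer only records what the domain holder asserts; a verifier still needs to confirm the reverse link in the DID document (as the did-configuration work linked above does) before treating the domain and DID as the same controller.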