Re: [Dance] client-id and client-auth WGLC summary

Shumon Huque <shuque@gmail.com> Tue, 28 March 2023 01:46 UTC

References: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com>
In-Reply-To: <CAEhLragxtY9vExBsHi=31GbNRzeXc8=tZznFK=MwJCc+xHEdKw@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 28 Mar 2023 10:46:16 +0900
Message-ID: <CAHPuVdWmopid=QPY6ub9ibs_PhmvCfTPRQ=P_V6FuR6VXEVTDw@mail.gmail.com>
To: Joey Salazar <joeygsal@gmail.com>
Cc: dance@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/clM2HAcZML7lkVkKV3x3Nb55nq0>

Thanks Joey for compiling this feedback. I've been sadly swamped by the day
job, so didn't have a chance to review earlier. I'll be reviewing these
suggestions this week during IETF.

Viktor - can you help me review? Thanks,

Shumon.

On Thu, Mar 2, 2023 at 1:24 AM Joey Salazar <joeygsal@gmail.com> wrote:

> Hello DANCErs,
>
> WGLC was held in November for the 2 extension documents: client-id [1] and
> client-auth [2].
>
> Here's a summary of the feedback received.
>
> client-id:
>
>    - The draft SHOULD say what RR content it expects
>    - Needs a check regarding the supported TLS version, the reference
>    used for framing extensions (RFC6066 vs RFC8446) and for the architecture
>    document
>    - Request for clarity on the ClientName limit definition and the
>    decode_error alert and a closedown of the connection when using empty
>    dane_clientid extensions defined as <1..255>
>    - Request for consideration of the use case for mixed environments in
>    terms of certificate_authorities
>    - More stiff requirements suggested in order to improve
>    interoperability and reduce code complexity
>
> client-auth:
>
>    - Request to add domain name example and text on the use of wildcards
>    and DANE-TA
>    - Request to consider the potential need to encode the transport label
>    - Request for clarity on the security considerations from RFCs 6698
>    and 7671
>    - Request for clarity on the exception that allows for SHOULD when
>    using X.509 certificate and a suggestion to change it to MUST
>    - Smaller wording suggestions and nits IRT DNSSEC validation,
>    distinction between TLS and DTLS, [_service] and device notation,
>    references for both RFCs and inactive drafts
>
> Looking forward to the upcoming discussion about any of these points and
> updated drafts,
> --
> Wes and Joey
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-dance-tls-clientid/
> [2] https://datatracker.ietf.org/doc/draft-ietf-dance-client-auth/
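As an added illustration of the decode_error point raised for client-id above (this is example code, not text or code from either draft or from the thread): a strict decoder for an extension body declared as opaque <1..255>. In the RFC 8446 presentation language a vector with ceiling 255 carries a one-byte length octet, and a body that violates the declared bounds is a decode_error; the name `parse_dane_clientid` and the treatment of the contents as an opaque byte string are assumptions here.

```python
# Added example, not from the dance drafts or the mailing-list thread.
# Decodes a TLS extension body declared as opaque <1..255>, which is how the
# WGLC feedback describes dane_clientid, and maps every bounds violation
# (including the empty extension the feedback asks about) to decode_error.

MIN_LEN = 1    # floor of <1..255>: an empty body is not allowed
MAX_LEN = 255  # ceiling of <1..255>: fits in the one-byte length octet


class DecodeError(Exception):
    """The body violates its declared syntax; send decode_error and close."""


def parse_dane_clientid(extension_data: bytes) -> bytes:
    """Return the vector contents, or raise DecodeError on any bounds violation."""
    if len(extension_data) < 1:
        raise DecodeError("missing length octet")
    length = extension_data[0]          # one-byte length, since ceiling is 255
    if length < MIN_LEN:
        raise DecodeError("empty dane_clientid: length 0 violates <1..255>")
    body = extension_data[1:]
    if len(body) != length:
        # Covers both a truncated body and trailing bytes after the vector.
        raise DecodeError(f"length octet says {length}, but {len(body)} bytes follow")
    return body


def handle_extension(extension_data: bytes) -> tuple:
    """Return ('ok', contents) or ('alert', 'decode_error') for the caller to act on."""
    try:
        return ("ok", parse_dane_clientid(extension_data))
    except DecodeError:
        return ("alert", "decode_error")


if __name__ == "__main__":
    # Constructed sample bodies: one well-formed, one empty, one truncated.
    for sample in (b"\x0bdevice.test", b"\x00", b"\x05abc"):
        print(sample, "->", handle_extension(sample))
```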