Re: [dane] New Version Notification for draft-osterweil-dane-ent-email-reqs-01.txt

"Rose, Scott" <scott.rose@nist.gov> Sat, 29 November 2014 01:11 UTC

Return-Path: <scott.rose@nist.gov>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC091A1BA3 for <dane@ietfa.amsl.com>; Fri, 28 Nov 2014 17:11:46 -0800 (PST)
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60fFXdcsdp7j for <dane@ietfa.amsl.com>; Fri, 28 Nov 2014 17:11:44 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0117.outbound.protection.outlook.com [65.55.169.117]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3901A1A032D for <dane@ietf.org>; Fri, 28 Nov 2014 17:11:44 -0800 (PST)
Received: from BY1PR09MB0439.namprd09.prod.outlook.com (25.160.109.21) by BY1PR09MB0438.namprd09.prod.outlook.com (25.160.109.20) with Microsoft SMTP Server (TLS) id 15.1.26.15; Sat, 29 Nov 2014 01:11:41 +0000
Received: from BY1PR09MB0439.namprd09.prod.outlook.com ([25.160.109.21]) by BY1PR09MB0439.namprd09.prod.outlook.com ([25.160.109.21]) with mapi id 15.01.0026.003; Sat, 29 Nov 2014 01:11:41 +0000
From: "Rose, Scott" <scott.rose@nist.gov>
To: dane WG list <dane@ietf.org>
Thread-Topic: [dane] New Version Notification for draft-osterweil-dane-ent-email-reqs-01.txt
Thread-Index: AQHQCQxuhVAIDz8BGEOTwo7dkZFy4ZxzPAgAgAOUuAA=
Date: Sat, 29 Nov 2014 01:11:40 +0000
Message-ID: <F4D3904E-B160-4535-8514-BC7F7B57A8E2@nist.gov>
References: <20141126000329.7972.72323.idtracker@ietfa.amsl.com> <B81C95E2-0F2B-4E5B-B4C5-7CD25BEE6F0B@nist.gov> <7BAE5E4A-E08E-4B8D-B68E-8FCE16C51D53@kirei.se>
In-Reply-To: <7BAE5E4A-E08E-4B8D-B68E-8FCE16C51D53@kirei.se>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/WDpdnhLjYiGZehXs1kThiTMK7sc
Subject: Re: [dane] New Version Notification for draft-osterweil-dane-ent-email-reqs-01.txt
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Nov 2014 01:11:46 -0000

The requirement comes from the desire to tie certs/keys with functionality. Some enterprises may get their certs issued by CAs that set both keyUsage flags, yet want two certs for different purposes. MUAs will have to decide how to handle situations when the keyUsage field does not match the usage statement in the SMIMEA RR. It should be checked, but behavior when there are discrepancies will need to be specified.

Also, being able to specify signing and encrypting functions for raw keys may come in handy. It also helps in the reject case, where a domain can reject one usage for a cert.

Scott

On Nov 26, 2014, at 1:30 PM, Jakob Schlyter <jakob@kirei.se> wrote:

> REQ-5: Please elaborate on why normal certificate keyUsage is not usable to distinguish between certificates used for encryption/signing.
> 
> 	jakob
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane

===================================
Scott Rose
NIST
scott.rose@nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
https://www.had-pilot.com/
===================================
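The check Scott describes (an MUA comparing the certificate's keyUsage bits against the function the DNS record publishes the cert for) can be sketched in a few lines. The following is an added example written for this archive page; it is not code from the draft, from NIST, or from any SMIMEA implementation. The function labels "signing" and "encryption", the helper names, and the DER byte strings are all constructed for illustration; the required-bit mapping follows the S/MIME certificate-handling rules in RFC 5750 (digitalSignature or nonRepudiation for signing, keyEncipherment or keyAgreement for encryption). The example also shows why keyUsage alone cannot distinguish two certs from a CA that sets both bits: both come back as permitted for either function.

```python
"""Compare an X.509 keyUsage extension with the function an S/MIME
certificate is published for (signing or encryption).

Added example; not from draft-osterweil-dane-ent-email-reqs or any
SMIMEA implementation. Function labels, helper names and the DER
samples below are assumptions/constructed test data.
"""
from typing import Optional, Set

# RFC 5280 section 4.2.1.3, KeyUsage named bits (bit 0 is the MSB of the
# first content byte of the BIT STRING).
KEY_USAGE_BITS = {
    0: "digitalSignature",
    1: "nonRepudiation",
    2: "keyEncipherment",
    3: "dataEncipherment",
    4: "keyAgreement",
    5: "keyCertSign",
    6: "cRLSign",
    7: "encipherOnly",
    8: "decipherOnly",
}

# Assumed labels for the usage a DNS record would publish a cert for,
# mapped to the keyUsage bits that permit that function (RFC 5750).
REQUIRED_BITS = {
    "signing": {"digitalSignature", "nonRepudiation"},
    "encryption": {"keyEncipherment", "keyAgreement"},
}


def decode_key_usage(der: bytes) -> Set[str]:
    """Decode the DER-encoded BIT STRING value of a keyUsage extension.

    Only the short-form length is handled; a keyUsage value is at most
    a handful of bytes, so a long-form length is treated as malformed.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("bad BIT STRING length")
    unused = der[2]
    body = der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("bad unused-bits count")
    nbits = len(body) * 8 - unused
    names = set()
    for i in range(nbits):
        byte, bit = divmod(i, 8)
        if body[byte] & (0x80 >> bit):
            names.add(KEY_USAGE_BITS.get(i, "bit%d" % i))
    return names


def permitted_functions(key_usage_der: bytes) -> Set[str]:
    """Which of the assumed functions the keyUsage bits allow."""
    bits = decode_key_usage(key_usage_der)
    return {fn for fn, req in REQUIRED_BITS.items() if bits & req}


def check_usage(key_usage_der: Optional[bytes], published_for: str) -> str:
    """Return 'ok', 'mismatch' or 'unrestricted'.

    'unrestricted' is returned when the certificate carries no keyUsage
    extension at all (RFC 5280 then places no restriction); an MUA policy
    must decide whether to accept that, which is the discrepancy-handling
    question raised in the thread.
    """
    if published_for not in REQUIRED_BITS:
        raise ValueError("unknown function label: %r" % published_for)
    if key_usage_der is None:
        return "unrestricted"
    bits = decode_key_usage(key_usage_der)
    return "ok" if bits & REQUIRED_BITS[published_for] else "mismatch"


# Constructed DER values (tag 03, length, unused-bit count, bits):
BOTH = bytes.fromhex("030205a0")      # digitalSignature + keyEncipherment
SIGN_ONLY = bytes.fromhex("03020780")  # digitalSignature
ENC_ONLY = bytes.fromhex("03020520")   # keyEncipherment

if __name__ == "__main__":
    # A CA that sets both bits: keyUsage permits either function, so it
    # cannot tell an MUA which of two such certs is the signing one.
    print(sorted(permitted_functions(BOTH)))
    print(check_usage(ENC_ONLY, "signing"))   # published for signing, bits say otherwise
    print(check_usage(None, "encryption"))
```

Usage: feed `check_usage` the raw extnValue bytes of the keyUsage extension (OID 2.5.29.15) and the function label the record advertises; "mismatch" is the case the draft would need to specify behavior for, and "unrestricted" is the no-extension case an MUA policy must also decide on.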