[DNSOP] CAA and the LAMPS Working Group

"Paul Hoffman" <paul.hoffman@vpnc.org> Fri, 09 February 2018 17:16 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
To: dnsop WG <dnsop@ietf.org>
Date: Fri, 09 Feb 2018 09:15:50 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2huoVfnvw4soC_q8wqA5q2xFEJQ>

Greetings. There was a recent burst of interest in the CAA DNS record 
type here in DNSOP. The IESG just sent out this proposed update to the 
LAMPS WG charter. If you are interested in CAA, you might want to 
comment on the proposed charter and, more importantly, contribute to the 
CAA effort in that WG.

--Paul Hoffman

Forwarded message:

> From: The IESG <iesg-secretary@ietf.org>
> To: IETF-Announce <ietf-announce@ietf.org>
> Cc: spasm@ietf.org
> Subject: WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)
> Date: Fri, 09 Feb 2018 08:58:49 -0800
>
> The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the
> Security Area of the IETF is undergoing rechartering. The IESG has not
> made any determination yet. The following draft charter was submitted,
> and is provided for informational purposes only. Please send your
> comments to the IESG mailing list (iesg@ietf.org) by 2018-02-19.
>
> Limited Additional Mechanisms for PKIX and SMIME (lamps)
> -----------------------------------------------------------------------
> Current status: Active WG
>
> Chairs:
>   Russ Housley <housley@vigilsec.com>
>
> Assigned Area Director:
>   Eric Rescorla <ekr@rtfm.com>
>
> Security Area Directors:
>   Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
>   Eric Rescorla <ekr@rtfm.com>
>
> Mailing list:
>   Address: spasm@ietf.org
>   To subscribe: https://www.ietf.org/mailman/listinfo/spasm
>   Archive: https://mailarchive.ietf.org/arch/browse/spasm/
>
> Group page: https://datatracker.ietf.org/group/lamps/
>
> Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/
>
> The PKIX and S/MIME Working Groups have been closed for some time.
> Some updates have been proposed to the X.509 certificate documents
> produced by the PKIX Working Group and the electronic mail security
> documents produced by the S/MIME Working Group.
>
> The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
> Group is chartered to make updates where there is a known constituency
> interested in real deployment and there is at least one sufficiently
> well specified approach to the update so that the working group can
> sensibly evaluate whether to adopt a proposal.
>
> Having completed the S/MIME 4.0 specifications and updates to support
> i18n email addresses in PKIX certificates, the LAMPS WG is now
> tackling these topics:
>
> 1. Specify a discovery mechanism for CAA records to replace the one
>    described in RFC 6844.
>
> 2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and
>    S/MIME.
>
> RFC 6844 describes the mechanism by which CAA records relating to a
> domain are discovered.  Implementation experience has demonstrated an
> ambiguity in the current processing of CNAME and DNAME records during
> discovery.  Subsequent discussion has suggested that a different
> discovery approach would resolve limitations inherent in the current
> approach.
>
> Unlike the previous hashing standards, the SHA-3 family of functions
> are the outcome of an open competition.  They have a clear design
> rationale and have received a lot of public analysis, which gives
> great confidence that the SHA-3 family of functions are secure.  Also,
> since SHA-3 uses a very different construction from SHA-2, the SHA-3
> family of functions offers an excellent alternative.  In particular,
> SHAKE128/256 and SHAKE256/512 offer security and performance benefits.
>
> In addition, the LAMPS Working Group may investigate other updates to
> the documents produced by the PKIX and S/MIME Working Groups, but the
> LAMPS Working Group shall not adopt any of these potential work items
> without rechartering.
>
> Milestones:
>
>   Apr 2018 - Adopt a draft for rfc6844bis
>
>   Apr 2018 - Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512
>
>   Apr 2018 - Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512
>
>   Apr 2018 - rfc6844bis sent to IESG for standards track publication
>
>   Sep 2018 - SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for
>   standards track publication
>
>   Sep 2018 - SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for
>   standards track publication