Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC

Benjamin Kaduk <kaduk@mit.edu> Fri, 11 January 2019 02:26 UTC

Date: Thu, 10 Jan 2019 20:26:00 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
CC: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>, "draft-ietf-lamps-hash-of-root-key-cert-extn@ietf.org" <draft-ietf-lamps-hash-of-root-key-cert-extn@ietf.org>, IETF <ietf@ietf.org>
Subject: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/OgCQVHPYVvktloirkumYSfD423c>

On Wed, Jan 09, 2019 at 11:52:49PM -0500, Daniel Kahn Gillmor wrote:
> 
> Does no one else see this as a problem?  if not, i'll just shut up about
> it and let things break, i guess.  it's not like the ecosystem has never
> run into transvalidity problems and unreliable root stores before, this
> is just new and interesting automated ways to arrive there…

I am late to the party, but I am happy that you are continuing to drive the
discussion, and it seems to be making good progress.

Thanks to both of you for keeping talking it through!

-Ben