Re: What ASN.1 got right

Michael Thomas <mike@mtcc.com> Wed, 03 March 2021 01:09 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01E153A15B5 for <ietf@ietfa.amsl.com>; Tue, 2 Mar 2021 17:09:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qn-8zN_AMd2Q for <ietf@ietfa.amsl.com>; Tue, 2 Mar 2021 17:09:10 -0800 (PST)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 003F63A15B3 for <ietf@ietf.org>; Tue, 2 Mar 2021 17:09:09 -0800 (PST)
Received: by mail-pg1-x533.google.com with SMTP id b21so15098491pgk.7 for <ietf@ietf.org>; Tue, 02 Mar 2021 17:09:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mtcc.com; s=fluffulence; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=xbuv8nbr88sEjVzUhr4lzicGx8WK9EWymcACN8F2xFI=; b=bXRUXOFGMNKwuVJVT6xmefzUoVZStQ547zOD1UKEyOnJAc2kEhxejOgRqDEm2Prs5m PyNNOWsBBzZryBtShVIycCL5zmvOybQrf5D4bRMG1jzu6ku63wk3f3AwftOyrav0EV1t 5P0A9a67j9Irgim8xWRL8iaZa3st1/rBCnID98eLrmUt8LyM2XCFWyYY5OB/Txi13EJE dFbmihJYeUsfOU4th4OzfV4tsAgKt9B3jNuWVsEBGm9FrweCDbEMMCdq+oN0NL3WHhkl +Dp1S7LR5NSvJkwYruJey9Jv+lOdbEybYfOMahuuJ5ixHiz8i8VzX82c2OtaMbjB0MGE M6qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=xbuv8nbr88sEjVzUhr4lzicGx8WK9EWymcACN8F2xFI=; b=d2rNyCgkM88hHYDu+eBpU+YRXYIAPdQ1mi4X9UUwEI1ybRtUk4p+/LOm84R/Y104N4 ck3LRnCXLTH8/Cjd0iSx9sgrkJztttnb/ZMpIYm77vT5dyTUbiBg5INNwH1/qFAisGWj cdijBRJdoOvDANLY2ZX+RwiuRbPa1E/Qw7macPSMX9MRFP/YV56aBmcbRKtG5lUEePiK febqH81ek54LLUDVcece+DZeel/E6dUecofI7oOvz1yxHBdJD5YqWW/NuB6fbKxMEJCp 2+IDPDoJD05XlIIb9idIA/pXJjWR2dfmWowyDufwK1A0HYdOoMZJQMzrpUV3PYVlrTyz ewIA==
X-Gm-Message-State: AOAM531QjhO7wl/AivgiYXPKQ+m5h8Orn3EQi8k51aFGBAejVjzXjvsc 0/UQLKG3eHe8RgABph01h81wx3GzNRmSBQ==
X-Google-Smtp-Source: ABdhPJyyuogmAbNpELYbWP3FNDanKlkkCvFyxFo0KBg0GSqRozBpx66rAsxlXFs5f2X1Z9aD7XmqgQ==
X-Received: by 2002:aa7:947d:0:b029:1ed:a78c:59ea with SMTP id t29-20020aa7947d0000b02901eda78c59eamr5599469pfq.36.1614733748775; Tue, 02 Mar 2021 17:09:08 -0800 (PST)
Received: from mike-mac.lan ([206.107.197.192]) by smtp.gmail.com with ESMTPSA id m12sm4601353pjk.47.2021.03.02.17.09.07 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 02 Mar 2021 17:09:08 -0800 (PST)
Subject: Re: What ASN.1 got right
To: Nico Williams <nico@cryptonector.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF Discussion Mailing List <ietf@ietf.org>
References: <CAMm+Lwj8QwuqaA3f625Ui8arc0TxY3uLXbG-PKToWGdtq8az6w@mail.gmail.com> <613072c6-5518-91e3-41b9-3b7590ee2346@mtcc.com> <CAMm+LwiEqL3bMg09e5NBNZwkPJ90DmQgLTy=SQNEN0q=vp=wrQ@mail.gmail.com> <ed6830b3-e650-d3fa-b253-9f53e01f9615@mtcc.com> <CAMm+LwifpPg-Sg9cXLpWvjmExt8KfuYq6oRZd4D1L0ZBR3nRFg@mail.gmail.com> <1631e20d-9d8a-b8c2-9d5e-6c7f4defa72d@mtcc.com> <20210302234928.GX30153@localhost> <cb4960e2-05a1-9d28-f17b-9f610ac378c9@mtcc.com> <20210303002330.GZ30153@localhost> <7d70044c-88e8-0165-5ce3-4c8612965f16@mtcc.com> <20210303005747.GC30153@localhost>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <13c4899d-9893-4a9e-3deb-904367ad2e35@mtcc.com>
Date: Tue, 2 Mar 2021 17:09:06 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <20210303005747.GC30153@localhost>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/yU5MbcntOCRyzERKyyAp4afdvK8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2021 01:09:11 -0000

On 3/2/21 4:57 PM, Nico Williams wrote:
> On Tue, Mar 02, 2021 at 04:43:10PM -0800, Michael Thomas wrote:
>>>> Is anybody using PKINIT?
>>> Yes.
>> Where? In any volume?
> Corporate networks.  The only place where Kerberos is used.

Really? What is the use case? I'm under the impression that Kerberos has 
mostly been relegated to Active Directory and that's about it. I like 
Kerberos, fwiw.

Mike