Re: [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

Sean Turner <sean@sn3rd.com> Thu, 18 May 2017 22:58 UTC

From: Sean Turner <sean@sn3rd.com>
Date: Thu, 18 May 2017 18:53:28 -0400
Cc: lurk@ietf.org
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/1GgsTIM_NViVAqqeeB5SZsOd3KQ>
Subject: Re: [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts
List-Id: Limited Use of Remote Keys <lurk.ietf.org>

All,

During the WG call for adoption, a couple of questions were raised about comparison/analysis of sub-certs versus proxy and/or short-lived certificates.  There is some discussion currently in the draft, but the chairs feel that these issues need further discussion (and elaboration in the draft) prior to WG adoption.  So let’s keep the conversation going.

J&S

> On Apr 12, 2017, at 15:31, Sean Turner <sean@sn3rd.com> wrote:
> 
> All,
> 
> At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts [0].  We need to confirm this support on the list so please let the list know whether you support adoption of the draft and are willing to review/comment on the draft before 20170429.  If you object to its adoption, please let us know why.
> 
> Clearly, the WG is going to need to work through the trade-offs between short-lived certificates and sub-certs because both seem, to some, to be addressing the same problem. 
> 
> Cheers,
> 
> J&S
> 
> [0] https://datatracker.ietf.org/doc/html/draft-rescorla-tls-subcerts