Re: [Lurk] [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 14 April 2017 08:23 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Russ Housley <housley@vigilsec.com>, IETF TLS <tls@ietf.org>, IETF LURK <lurk@ietf.org>
Date: Fri, 14 Apr 2017 08:23:28 +0000
Message-ID: <1492158199957.63303@cs.auckland.ac.nz>
References: <601C7C89-F149-4E97-A474-C128041925EA@sn3rd.com> <CABcZeBPs-gbkMg4BDU7+AY9y7GPfNUiVPRPHPqF-CSuYn4m2EA@mail.gmail.com> <CAL02cgQzK4vMKSUax+=DO=mXWwFXt9xyWiXW2wmnJq30U7unrg@mail.gmail.com>, <EBBA47F7-F521-429B-903A-CDF4F1111FDA@vigilsec.com>
In-Reply-To: <EBBA47F7-F521-429B-903A-CDF4F1111FDA@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/OU5vzXVrXZDGeW9huQGN52AHbpc>
Subject: Re: [Lurk] [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Russ Housley <housley@vigilsec.com> writes:

>I want to see a solution to this problem, but I think we should look at RFC
>3820, X.509 Proxy Certificate Profile.  I know that this was implemented, but
>I do not know if it is still in use.

It's fairly heavily used in grid computing.  It would probably be used outside
that environment as well if people knew it existed, meaning that I have on a
number of occasions encountered people who needed something like proxy certs
but were kludging around it in various ugly ways because they didn't know they
existed.

Peter.