Re: [Lurk] [E] WG Call for adoption of draft-rescorla-tls-subcerts

sanjay.mishra@verizon.com Tue, 25 April 2017 17:57 UTC

From: sanjay.mishra@verizon.com
To: Sean Turner <sean@sn3rd.com>, "<tls@ietf.org>" <tls@ietf.org>
CC: "lurk@ietf.org" <lurk@ietf.org>
Thread-Topic: [E] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts
Date: Tue, 25 Apr 2017 17:56:51 +0000
Message-ID: <52a24cbdc02947d8948be0d66e493736@OMZP1LUMXCA08.uswin.ad.vzwcorp.com>
References: <601C7C89-F149-4E97-A474-C128041925EA@sn3rd.com>
In-Reply-To: <601C7C89-F149-4E97-A474-C128041925EA@sn3rd.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lurk/hA7Y25PXVNJeAW8cV0ux1iCQOo8>
Subject: Re: [Lurk] [E] WG Call for adoption of draft-rescorla-tls-subcerts
List-Id: Limited Use of Remote Keys <lurk.ietf.org>

I have reviewed the draft and I support adoption of this draft. Agree that both the short-lived certificate and subcerts are addressing a similar issue and perhaps tradeoffs can be considered. 

Thanks
Sanjay

-----Original Message-----
From: Lurk [mailto:lurk-bounces@ietf.org] On Behalf Of Sean Turner
Sent: Wednesday, April 12, 2017 3:31 PM
To: <tls@ietf.org>
Cc: lurk@ietf.org
Subject: [E] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

All,

At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts [0].  We need to confirm this support on the list so please let the list know whether you support adoption of the draft and are willing to review/comment on the draft before 20170429.  If you object to its adoption, please let us know why.

Clearly, the WG is going to need to work through the trade-offs between short-lived certificates and sub-certs because both seem, to some, to be addressing the same problem. 

Cheers,

J&S

[0] https://datatracker.ietf.org/doc/html/draft-rescorla-tls-subcerts