[pkix] MUD Draft - was Re: [saag] Fwd: Is it time for a pkix extensions (or similar) wg?

"Tom Gindin" <tgindin@us.ibm.com> Mon, 15 February 2016 02:32 UTC

In-Reply-To: <56B492B0.8070700@cisco.com>
To: Eliot Lear <lear@cisco.com>
From: Tom Gindin <tgindin@us.ibm.com>
Date: Sun, 14 Feb 2016 21:32:41 -0500
References: <56B48DED.5080202@cs.tcd.ie> <56B48E7D.30309@cs.tcd.ie> <56B492B0.8070700@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/3kelhVPerx-WXJCS88wes9ns3wU>
Cc: pkix@ietf.org
Subject: [pkix] MUD Draft - was Re: [saag] Fwd: Is it time for a pkix extensions (or similar) wg?

        I think the MUD syntax part of your draft's section 2 would be 
more typical in PKIX, and no less clear, if it looked like this:
The MUD URI is a non-critical Certificate extension that points
to an on-line Manufacturer Usage Description concerning the certificate 
subject.  This extension contains a single Uniform Resource Identifier 
(URI).  Internationalized Resource Identifiers must be represented as 
URIs in the way described in RFC 5280, section 7.4.  The semantics of the 
URI are defined in [I-D.lear-ietf-netmod-mud].
 
   id-pe-mudURI OBJECT IDENTIFIER ::= { id-pe TBD }

   MudURISyntax ::= IA5String

Tom Gindin
P.S.    The opinions above are mine, and not necessarily those of my 
employer



From:   Eliot Lear <lear@cisco.com>
To:     Stephen Farrell <stephen.farrell@cs.tcd.ie>, pkix@ietf.org
Date:   02/05/2016 07:17 AM
Subject:        Re: [pkix] [saag] Fwd: Is it time for a pkix extensions 
(or similar) wg?
Sent by:        "pkix" <pkix-bounces@ietf.org>



Hi Stephen, and thanks for this note.  Please see below:

On 2/5/16 12:58 PM, Stephen Farrell wrote:
>
> Hiya,
>
> We seem to be seeing a number of drafts that folks are
> writing that define new certificate extensions or that
> want to update/modify PKIX specs.
>
> Do folks think it is now time to form a working group
> to process those?
>
> If no, please say why.
>
> If yes, please say what draft(s) and propose any other
> scoping. If you know of people who are or would implement
> and deploy, that is very useful information. (It is fine
> to say "I think we should work on topic <foo>" but it is
> *much* better if you can point at a draft you've written
> about <foo> and say that you or someone is implementing
> that and that it'll get deployed.)

I've written draft-lear-ietf-pkix-mud-extension-00.txt that talks about
something called a manufacturer usage description.  The idea is to
provide a means for local networks to retrieve recommendations from
manufacturers on what sort of access their devices should have.  This
extension is intended for use in the context of IEEE 802.1AR.

It definitely could use a good set of eyes on it.  We are currently in
the lab with the concept now.
>
> If you think this requires face to face discussion at
> IETF95 (e.g. to tease out scope) please say that too.

I am personally okay with any approach to move forward, whether that's a
WG, doing something AD-sponsored, or something else.  I'm hoping that as
non-critical constraints go this one is not particularly controversial. 
If a working group is the best way, I would just ask that this draft be
included in scope ;-)

Eliot

[attachment "signature.asc" deleted by Tom Gindin/Watson/IBM] 
_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix
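As an added example (not code from this thread, from the MUD draft, or from any project), the following Python encodes and decodes the extension exactly as the proposed syntax above describes it: an RFC 5280 Extension whose extnValue carries a single DER IA5String. The arc 999 under id-pe is a placeholder standing in for the draft's TBD, and the URI and host are constructed samples. The decoder enforces the two points a relying party would care about: the extnValue must be exactly one IA5String holding ASCII only (an IRI that was not converted per RFC 5280 section 7.4 is rejected rather than silently mis-encoded), and an explicit BOOLEAN FALSE for the DEFAULT FALSE critical field is rejected as a DER violation.

```python
"""Encode and decode a MUD URI certificate extension in DER (added example).

Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER,
                         critical BOOLEAN DEFAULT FALSE,
                         extnValue OCTET STRING }  -- DER of MudURISyntax ::= IA5String
"""

ID_PE = (1, 3, 6, 1, 5, 5, 7, 1)      # id-pe, RFC 5280
ID_PE_MUD_URI = ID_PE + (999,)        # ASSUMPTION: 999 is a placeholder for the draft's TBD arc

TAG_BOOLEAN, TAG_OID, TAG_OCTET_STRING, TAG_IA5STRING, TAG_SEQUENCE = 0x01, 0x06, 0x04, 0x16, 0x30


def _der_length(n: int) -> bytes:
    """Definite-form DER length: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(content)) + content


def encode_oid(arcs) -> bytes:
    """Base-128 OID encoding; the first two arcs fold into one octet."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))


def encode_mud_uri_extension(uri: str, critical: bool = False) -> bytes:
    """Return the DER Extension; IRIs must already be converted to ASCII URIs."""
    try:
        raw = uri.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("IA5String is ASCII only; convert IRIs per RFC 5280 section 7.4")
    fields = encode_oid(ID_PE_MUD_URI)
    if critical:  # DEFAULT FALSE: DER requires the field to be absent when FALSE
        fields += _tlv(TAG_BOOLEAN, b"\xff")
    fields += _tlv(TAG_OCTET_STRING, _tlv(TAG_IA5STRING, raw))
    return _tlv(TAG_SEQUENCE, fields)


def _read_tlv(buf: bytes, pos: int):
    """Parse one TLV at pos -> (tag, content, end); rejects non-minimal lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("invalid DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80:
            raise ValueError("non-minimal DER length")
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV content")
    return tag, buf[pos:end], end


def decode_oid(content: bytes):
    if not content or content[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return tuple(arcs)


def decode_mud_uri_extension(der: bytes):
    """Return (critical, uri); raise ValueError for anything not a well-formed MUD URI extension."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != TAG_SEQUENCE or end != len(der):
        raise ValueError("Extension must be a single SEQUENCE")
    tag, oid, pos = _read_tlv(seq, 0)
    if tag != TAG_OID or decode_oid(oid) != ID_PE_MUD_URI:
        raise ValueError("extnID is not id-pe-mudURI")
    critical = False
    tag, content, pos = _read_tlv(seq, pos)
    if tag == TAG_BOOLEAN:
        if content != b"\xff":
            raise ValueError("critical must be encoded as FF; FALSE must be omitted in DER")
        critical = True
        tag, content, pos = _read_tlv(seq, pos)
    if tag != TAG_OCTET_STRING or pos != len(seq):
        raise ValueError("extnValue OCTET STRING must be the last field")
    tag, raw, inner_end = _read_tlv(content, 0)
    if tag != TAG_IA5STRING or inner_end != len(content):
        raise ValueError("extnValue must hold exactly one IA5String")
    if any(b >= 0x80 for b in raw):
        raise ValueError("IA5String contains non-ASCII octets")
    return critical, raw.decode("ascii")


if __name__ == "__main__":
    # Constructed sample; mud.example.com is not a real MUD server.
    ext = encode_mud_uri_extension("https://mud.example.com/lightbulb/v1.json")
    print(ext.hex())
    print(decode_mud_uri_extension(ext))
```

The decoder reports criticality rather than refusing a critical instance outright, so a caller can apply the RFC 5280 rule itself: a relying party that does not understand a critical extension must reject the certificate, whereas the draft's non-critical extension can simply be ignored by parties that do not implement MUD.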