[pkix] MUD Draft - was Re: [saag] Fwd: Is it time for a pkix extensions (or similar) wg?
"Tom Gindin" <tgindin@us.ibm.com> Mon, 15 February 2016 02:32 UTC
To: Eliot Lear <lear@cisco.com>
From: Tom Gindin <tgindin@us.ibm.com>
Date: Sun, 14 Feb 2016 21:32:41 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/3kelhVPerx-WXJCS88wes9ns3wU>
Cc: pkix@ietf.org
I think the MUD syntax part of your draft's section 2 would be more typical in PKIX, and no less clear, if it looked like this:

   The MUD URI is a non-critical Certificate extension that points to an on-line Manufacturer Usage Description concerning the certificate subject. This extension contains a single Uniform Resource Identifier (URI). Internationalized Resource Identifiers must be represented as URIs in the way described in RFC 5280, section 7.4. The semantics of the URI are defined in [I-D.lear-ietf-netmod-mud].

      id-pe-mudURI  OBJECT IDENTIFIER  ::=  { id-pe TBD }

      MudURISyntax  ::=  { IA5String }

Tom Gindin
P.S. The opinions above are mine, and not necessarily those of my employer

From: Eliot Lear <lear@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, pkix@ietf.org
Date: 02/05/2016 07:17 AM
Subject: Re: [pkix] [saag] Fwd: Is it time for a pkix extensions (or similar) wg?
Sent by: "pkix" <pkix-bounces@ietf.org>

Hi Stephen, and thanks for this note. Please see below:

On 2/5/16 12:58 PM, Stephen Farrell wrote:
>
> Hiya,
>
> We seem to be seeing a number of drafts that folks are
> writing that define new certificate extensions or that
> want to update/modify PKIX specs.
>
> Do folks think it is now time to form a working group
> to process those?
>
> If no, please say why.
>
> If yes, please say what draft(s) and propose any other
> scoping. If you know of people who are or would implement
> and deploy, that is very useful information. (It is fine
> to say "I think we should work on topic <foo>" but it is
> *much* better if you can point at a draft you've written
> about <foo> and say that you or someone is implementing
> that and that it'll get deployed.)

I've written draft-lear-ietf-pkix-mud-extension-00.txt that talks about something called a manufacturer usage description. The idea is to provide a means for local networks to retrieve recommendations from manufacturers on what sort of access their devices should have. This extension is intended for use in the context of IEEE 802.1AR. It definitely could use a good set of eyes on it. We are currently in the lab with the concept now.

>
> If you think this requires face to face discussion at
> IETF95 (e.g. to tease out scope) please say that too.

I am personally okay with any approach to move forward, whether that's a WG, doing something AD-sponsored, or something else. I'm hoping that as non-critical constraints go this one is not particularly controversial. If a working group is the best way, I would just ask that this draft be included in scope ;-)

Eliot

[attachment "signature.asc" deleted by Tom Gindin/Watson/IBM]

_______________________________________________
pkix mailing list
pkix@ietf.org
https://www.ietf.org/mailman/listinfo/pkix
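
As an added example (not from the draft or from anyone in this thread), here is a validator for the extension as proposed in the message above: a non-critical extension whose value is a single IA5String URI. The OID bytes use a constructed placeholder arc because the message leaves the value as TBD; the function names and the sample URI are likewise assumptions.

```python
# Added illustration; not code from the draft or from anyone in the thread.
# id-pe (1.3.6.1.5.5.7.1) plus constructed placeholder arc 999; the real arc is TBD.
MUD_URI_OID_DER = bytes.fromhex("2b0601050507018767")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_mud_uri_extension(der):
    """Validate one DER-encoded Extension and return the MUD URI as str."""
    tag, ext, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("Extension must be a single SEQUENCE")
    tag, oid, pos = read_tlv(ext)
    if tag != 0x06 or oid != MUD_URI_OID_DER:
        raise ValueError("not the MUD URI extension")
    tag, value, pos = read_tlv(ext, pos)
    if tag == 0x01:                         # optional critical BOOLEAN is present
        if value != b"\x00":
            raise ValueError("MUD URI extension must be non-critical")
        tag, value, pos = read_tlv(ext, pos)
    if tag != 0x04 or pos != len(ext):
        raise ValueError("extnValue must be the final OCTET STRING")
    tag, uri, end = read_tlv(value)
    if tag != 0x16 or end != len(value):    # 0x16 = IA5String
        raise ValueError("extnValue must hold exactly one IA5String")
    if not uri or any(b > 0x7F for b in uri):
        raise ValueError("IA5String must be non-empty 7-bit ASCII")
    return uri.decode("ascii")

def tlv(tag, value):
    """Encode a short-form TLV (used only to build the constructed sample)."""
    return bytes([tag, len(value)]) + value

# Constructed sample input, not taken from any real certificate.
SAMPLE_URI = b"https://mud.example.com/lightbulb.json"
SAMPLE_EXT = tlv(0x30, tlv(0x06, MUD_URI_OID_DER) + tlv(0x04, tlv(0x16, SAMPLE_URI)))
```

The non-ASCII rejection reflects the requirement in the proposed text that IRIs be mapped to URIs per RFC 5280, section 7.4, before being placed in the IA5String.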