Re: [pkix] New Version Notification for draft-belyavskiy-certificate-limitation-policy-04.txt

Carl Wallace <carl@redhoundsoftware.com> Sun, 08 October 2017 14:16 UTC

Date: Sun, 08 Oct 2017 10:16:00 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Peter Bowen <pzbowen@gmail.com>, Dmitry Belyavsky <beldmit@gmail.com>
CC: LAMPS <spasm@ietf.org>, "<pkix@ietf.org>" <pkix@ietf.org>, "mozilla-dev-security-policy@lists.mozilla.org" <dev-security-policy@lists.mozilla.org>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/YqRSGSpRY8xWPR-TbeDrxkoNplg>

Also, RFC 5937 defines how to process the constraints from the 5914
structure.

On 10/7/17, 11:31 PM, "pkix on behalf of Peter Bowen"
<pkix-bounces@ietf.org on behalf of pzbowen@gmail.com> wrote:

>On Tue, Sep 12, 2017 at 5:59 AM, Dmitry Belyavsky via
>dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
>> Here is the new version of the draft updated according to the
>> discussion on mozilla-dev-security list.
>
>Given that RFC 5914 already defines a TrustAnchorList and
>TrustAnchorInfo object and that the Trust Anchor List object is
>explicitly contemplated as being included in a signed CMS message,
>would it not make more sense to start from 5914 and define new
>extensions to encode constraints not currently defined?
>
>Thanks,
>Peter