Re: [pkix] [saag] Fwd: Is it time for a pkix extensions (or similar) wg?

Eliot Lear <lear@cisco.com> Fri, 05 February 2016 12:16 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, pkix@ietf.org
References: <56B48DED.5080202@cs.tcd.ie> <56B48E7D.30309@cs.tcd.ie>
From: Eliot Lear <lear@cisco.com>
Message-ID: <56B492B0.8070700@cisco.com>
Date: Fri, 05 Feb 2016 13:16:48 +0100
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/vLDaxZG6y1emIHO8Z7kn5F2BF6Q>

Hi Stephen, and thanks for this note.  Please see below:

On 2/5/16 12:58 PM, Stephen Farrell wrote:
>
> Hiya,
>
> We seem to be seeing a number of drafts that folks are
> writing that define new certificate extensions or that
> want to update/modify PKIX specs.
>
> Do folks think it is now time to form a working group
> to process those?
>
> If no, please say why.
>
> If yes, please say what draft(s) and propose any other
> scoping. If you know of people who are or would implement
> and deploy, that is very useful information. (It is fine
> to say "I think we should work on topic <foo>" but it is
> *much* better if you can point at a draft you've written
> about <foo> and say that you or someone is implementing
> that and that it'll get deployed.)

I've written draft-lear-ietf-pkix-mud-extension-00.txt that talks about
something called a manufacturer usage description.  The idea is to
provide a means for local networks to retrieve recommendations from
manufacturers on what sort of access their devices should have.  This
extension is intended for use in the context of IEEE 802.1AR.

It definitely could use a good set of eyes on it.  We are currently in
the lab with the concept now.

>
> If you think this requires face to face discussion at
> IETF95 (e.g. to tease out scope) please say that too.

I am personally okay with any approach to move forward, whether that's a
WG, doing something AD-sponsored, or something else.  I'm hoping that as
non-critical constraints go this one is not particularly controversial. 
If a working group is the best way, I would just ask that this draft be
included in scope ;-)

Eliot