IETF Logo Mail Archive

Re: [saag] draft-iab-crypto-alg-agility-00

Ben Laurie <benl@google.com> Tue, 08 April 2014 14:06 UTC

Return-Path: <benl@google.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E70341A03F9 for <saag@ietfa.amsl.com>; Tue, 8 Apr 2014 07:06:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZaGCquDtsOvM for <saag@ietfa.amsl.com>; Tue, 8 Apr 2014 07:06:30 -0700 (PDT)
Received: from mail-vc0-x231.google.com (mail-vc0-x231.google.com [IPv6:2607:f8b0:400c:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id 8E9991A03E2 for <saag@ietf.org>; Tue, 8 Apr 2014 07:06:26 -0700 (PDT)
Received: by mail-vc0-f177.google.com with SMTP id if17so775116vcb.22 for <saag@ietf.org>; Tue, 08 Apr 2014 07:06:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vbrKEI6TglnDTEow907XTqtQI8q+Q5LSTa6S7k8+5Y4=; b=kiXoiRpU296wEm+NN2iUAIz96okMk3VtvQis0er2mj2INzlbFSLlBM1pPPFk0Xb/KN QRThQ0vVHbI+ixbw3usmWm5Vq85YuLuUdGB8vNs6yT8/yJcHOlk1phlf1YGPSokuWwhE DqkX7RixSjKk7rSJwgnnuGDymbqDvpVMekZ8VeWGsXGAAHhL2OPkV67VnKNlTWVeJuVo LLehtrJ1lYqyAkGK9zp08Km8euFOHn4isCweg8Cg62SEokB/lsScgYFzXfJUIa4G6NsR P0FWnhBdez5VjOWlyaH0jfTYBlPLlainLPRZpSIKEEnWBjl2EoKzL/F5z8hwcb7+bxvX 11Og==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=vbrKEI6TglnDTEow907XTqtQI8q+Q5LSTa6S7k8+5Y4=; b=FvEjIQ91QFpPJJ4oYRulSxpCsim6+G2oZ4t0Q59tVzYn0GGP4XNJ2xOeke4HPsb07o /TJmfqPCKDneS6uvltfAtkvOkrO21E+YuenKXQqBxv4R9PDI5v/TGs8stEaq3MtEHOtg 2dYT+Wvqy8v5tczl4y8fPHae347H7jeJud/R/an6enBbMHoyJhm4xMaNL1WHnP774ke6 AjMAno5w+7irIiE+LBKfQnzie2XdKtjQJvpUeHLTbnKK7iqpt4gil1C42E7CJsaxqTD8 zX/lDccq28Geptpi4z8KgO2fMO2mLeZ/KyV+WDVVcbNKGEEcwjQgk9Q9Xihvr3AGZOMB RK9w==
X-Gm-Message-State: ALoCoQlMEXAFJSquHb/okoHhgMFrS6tH4Cc8Ew7BzaUEKXVOdzCPhObp8era6mpbjGkzUGiepZE6cVp84tGtImXwFTPjwEIBIjOPBJ/Wat+qe4C95BwjxH/UG1sEbx/L0f09orrcnlYghgY/BsuWS+MqLD8yDeIO2nZ2oQiV4nDYKja9nPdetr+TGcWUvNB4LtJdHhdlKQ1h
MIME-Version: 1.0
X-Received: by 10.52.128.231 with SMTP id nr7mr2851040vdb.17.1396965986202; Tue, 08 Apr 2014 07:06:26 -0700 (PDT)
Received: by 10.52.119.179 with HTTP; Tue, 8 Apr 2014 07:06:26 -0700 (PDT)
In-Reply-To: <5342E65C.5070309@bbn.com>
References: <5999195E-9073-4649-A224-BF71BA61CBAF@vigilsec.com> <CAG5KPzzqSQ++YpQcnYesecL0GQ0+J0ieMXBrNk6txMAC58xEQQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120A04EBD0@USMBX1.msg.corp.akamai.com> <6.2.5.6.2.20140406121529.0bd2d730@resistor.net> <2A0EFB9C05D0164E98F19BB0AF3708C7120A04EBD7@USMBX1.msg.corp.akamai.com> <CAG5KPzxihe+k0x0njC+BANacmrrQyfU5RAY_EYcMYW2rx8DZfw@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7120A04ED14@USMBX1.msg.corp.akamai.com> <CAG5KPzzzmJhcPfs0cJuS3f8Lu_Rua9dj0XWaOZ0RQ0Mwyd+egw@mail.gmail.com> <5342E65C.5070309@bbn.com>
Date: Tue, 8 Apr 2014 15:06:26 +0100
Message-ID: <CABrd9ST8rKgRNit3tpL3bqwjMZBOheiyywqY7HpQh_cqAZaYgg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Kent <kent@bbn.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/saag/awDnMhSHggYbdAtOYer1lFPDbEE
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] draft-iab-crypto-alg-agility-00
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 14:06:34 -0000

On 7 April 2014 18:54, Stephen Kent <kent@bbn.com> wrote:
> Ben,
>
> Sorry to jump on late on this, but as a co-author of an RFC that deals
> with alg agility for the RPKI, I thought I might be able to contribute.
>
> It's generally useful to have a MUST implement alg (or set, if there are
> multiple
> algs needed) for any set of protocols (data formats, etc.) to help ensure
> interoperability. Selecting the MUST implement is sometimes hard, but it's
> worth
> the effort.
>
> Then one needs to have a way for all clients, CA, and log servers (in the CT
> context)
> to express which alg9s) are being used at any time, so that everyone else
> knows
> what choices have been made, when choices are allowed, and to guide folks
> through the
> transition process.

I am not really arguing with that, actually. But in the case of CT,
this information needs to be in the metadata about the logs. The RFC
does not currently specify how that metadata becomes available to
clients (and I'm not sure it should, either).

> I suggest folks read RFC 6919 as an example of how that can be done,
> although
> I'm not suggesting that CT needs to adopt as thorough a model as did the
> RPKI.
>
> Steve
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag



-- 
Certificate Transparency is hiring! Let me know if you're interested.

v2.8.7 | Report a Bug | By Email