Re: [saag] [EXTERNAL]Re: [Secdispatch] SECDISPATCH WG Summary from IETF 106

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Tue, 21 January 2020 18:18 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>, Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Date: Tue, 21 Jan 2020 18:18:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/vV3drS03GUnh4GUGcqIHTmB9TVE>

I support this effort!

The lack of such a header has been a pain point for migrating applications with client-cert driven auth mechanisms into the cloud.

---
Mike Ounsworth
Software Security Architect, Entrust Datacard

From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Brian Campbell
Sent: January 17, 2020 2:43 PM
To: Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org>
Cc: secdispatch@ietf.org; saag@ietf.org
Subject: [EXTERNAL]Re: [Secdispatch] SECDISPATCH WG Summary from IETF 106

Apologies folks, I'm responsible for the rushed and awkward presentation about reverse proxies and TLS client certificates at the very end of the SECDISPATCH session in Singapore, which is mentioned below with "no draft yet--> needs draft". It took me a little while to get through the work but I'm happy to share that there is now an actual draft available. Here it is in the fancy new HTML format: https://www.ietf.org/id/draft-bdc-something-something-certificate-01.html as well as the good ol status page: https://datatracker.ietf.org/doc/draft-bdc-something-something-certificate/


On Tue, Nov 19, 2019 at 9:34 PM Francesca Palombini <francesca.palombini=40ericsson.com@dmarc.ietf.org> wrote:
The SECDISPATCH WG met on Tuesday November 19.  The agenda items were dispatched as follows:

(1) Problem statement for post-quantum multi-algorithm PKI (Max Pala)
drafts:  https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/
        https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/
--> dispatch to LAMPS WG (confirm on mailing list)

(2) OCSPv2 - Improving OCSP Responses (Max Pala)
LAMPS & PKIX discussions:
Draft:  https://tools.ietf.org/html/draft-pala-ocspv2-00
--> create a BoF for small focused WG

(3) Privacy Pass Protocol (Nick Sullivan)
drafts: https://datatracker.ietf.org/doc/draft-privacy-pass/
--> work on charter text then BoF for small focused WG

(4) HTTP Request signing (Justin Richer)
draft: https://tools.ietf.org/html/draft-cavage-http-signatures
--> dispatched to HTTPBIS WG

(5) Communication Network Perspective on Malware Lifecycle (Joachim Fabini)
draft: https://datatracker.ietf.org/doc/draft-fabini-smart-malware-lifecycle/
--> check the IAB project (talk to Ted)

(6) Securing protocols between proxies and backend (HTTP?) servers (Brian Campbell)
draft: Looking for support/contributors, no draft yet
--> needs draft

Detailed minutes will be coming in the next couple of weeks.

Thanks,
Francesca
