[SCITT] Re: Issuer signature creation and TS verification
"A.J. Stein" <ajstein.standards@gmail.com> Wed, 03 July 2024 04:19 UTC
From: "A.J. Stein" <ajstein.standards@gmail.com>
Date: Wed, 03 Jul 2024 00:18:44 -0400
To: Steve Lasker <StevenLasker@hotmail.com>
CC: Robin Bryce <robin.bryce=40datatrails.ai@dmarc.ietf.org>, scitt <scitt@ietf.org>
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/YJyBPITaaDsJxrKtx2Ae2ZiRzaU>

On Tue, Jul 2, 2024 at 11:03 PM Steve Lasker <StevenLasker@hotmail.com> wrote:

> What this is saying, in summary is:
>
> - You must have an issuer identifier, but no specific type is required
> - *If* you use x.509, you must use x5t
>
> This is essentially a profile, without specifying a profile, or an example
> would be a simple step
>

Thanks, Steve. Going back to my question about normative text, does that mean for an alternative system with kid to be specified, one needs to document an alternative system later on with verification procedures to be conformant? It would seem that is implied by your analysis. That may be something we want to make more clear in this section then if so. I am curious if others on the list feel similarly.