Re: [secdir] Secdir last call review of draft-ietf-lamps-rfc6844bis-06

Tim Hollebeek <tim.hollebeek@digicert.com> Thu, 30 May 2019 18:40 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>, Stefan Santesson <stefan@aaa-sec.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-lamps-rfc6844bis.all@ietf.org" <draft-ietf-lamps-rfc6844bis.all@ietf.org>
Date: Thu, 30 May 2019 18:40:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/-uuZME4tV32LRZcRvQITHk0h7Qk>

Just to make it official, I'm the chair of the Validation Subcommittee of the 
Server Certificate Working Group of the CA/Browser Forum, and I intend to 
submit a ballot to make RFC 6844bis mandatory in the event it is published as 
an IETF RFC.

-Tim

> -----Original Message-----
> From: Jacob Hoffman-Andrews <jsha@eff.org>
> Sent: Thursday, May 30, 2019 2:30 PM
> To: Stefan Santesson <stefan@aaa-sec.com>; secdir@ietf.org
> Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-rfc6844bis.all@ietf.org
> Subject: Re: Secdir last call review of draft-ietf-lamps-rfc6844bis-06
>
> On 5/29/19 5:37 PM, Stefan Santesson via Datatracker wrote:
> > A common aspect of standards documents is that they are only relevant
> > to those who declare compliance to the standard. This document is
> > different as it relies on all parties (CAs) being aware of this
> > standard and performing the stipulated checks.
>
> In practice this has been stipulated for public CAs by the CA/Browser Forum
> Baseline Requirements since September 2017:
> https://cabforum.org/2017/03/08/ballot-187-make-caa-checking-mandatory/.
>
> In other words, the CP for this particular community of trust incorporates RFC
> 6844, making it mandatory. The intent is that once RFC6844bis is standardized,
> CA/Browser Forum will have a followup ballot incorporating it.