[Secdispatch] Request for secdispatch time slot in Vancouver IETF: Client-Cert HTTP Header

Brian Campbell <bcampbell@pingidentity.com> Mon, 02 March 2020 21:51 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D71E3A0884 for <secdispatch@ietfa.amsl.com>; Mon, 2 Mar 2020 13:51:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4TWr67uTqD94 for <secdispatch@ietfa.amsl.com>; Mon, 2 Mar 2020 13:50:57 -0800 (PST)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78D663A0880 for <secdispatch@ietf.org>; Mon, 2 Mar 2020 13:50:57 -0800 (PST)
Received: by mail-pl1-x62a.google.com with SMTP id b22so317906pls.12 for <secdispatch@ietf.org>; Mon, 02 Mar 2020 13:50:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:from:date:message-id:subject:to; bh=hh7shVrPcnnqtsroD1xzj42gUQrdqwjhO9Z1u1hioks=; b=Q1TzUlZ6xuoIzkp+Gb0If6JCIepao5Y2ytoM7Sm5tyMPw5xfyksl9nxD8gXFcHY9Z7 shjJc6t7JV6gu7GhMDkR+kcUKy5iIjxwEuZXNpBtFHjK9Nv8EuNWsWUhyBoMWmELhIoC 2oS0nI8lr/hHdMIBCR2dUdEYsoh27S8xHr6icgxDT3HvUjwCctD9Xno77PfVJub14Ba7 X6+6HKI458NTx+1YyYPwHr5u/pKB8JNH+mTXqJ8U1yBcdwYIdkt1cQjwnratP+w4DzOz wjlq1bjJVFWS/hSZO0FOmabWsh2IHyuvWzyHjG5gcoItGxaNkEXHsrdDV0uylBwuvrMn Wrbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hh7shVrPcnnqtsroD1xzj42gUQrdqwjhO9Z1u1hioks=; b=HUbigFYmoRantm9uabHjB5+AV+vCDIgdkSnTOomXDpFK91gcoGwXv8J1Ph7DYMb7/u nK1kd9AhwKvaFdK6HHN0LaUN6Hfo1f7/TNqmnLSKCgi+s9kWrqWjB6e3tasBFoQDsbfS 2ZRHh2W+LrErktFmF4T8M6BDAe1a+rSUod1ajG55YP1nX93fnRv/Qkd2mhMTk96f8nCW IyrOdlIZvR8xQ2BM0pbqxNnXAKBeVT0rn7c46Q4v/fJ1Y3CvVaZyTZrQ8ji82h4vaE4r bpHTajmPsXj6t54LH6Z73xtDVjQdTUnLmQ9hPIfXAL847pRY7/aqobWiphAhlNCFuKRl 7qvg==
X-Gm-Message-State: ANhLgQ2WNAiXA+1cgKNl1SFlrJ5UTmitQU4zsaNV4VVU2KHkkCgX0Q9L 007N9EUz+BJSVYuGg2MfLXg26H0hgGe1NMJaSu9YyDMEFxDjjwb59j21Em7DXmWkvQrBSGTj8fx rXCpZxBIvIwpnEskX+tILlan4noQ=
X-Google-Smtp-Source: ADFU+vt55Q0aLq0HjOVZgHvTeemKkSkUMh9v8SgLASwCSsmJ82SQZ5wUVciKVyc2ZvzL8lT/vTUhI8auWuqtz2RV5FI=
X-Received: by 2002:a17:902:aa45:: with SMTP id c5mr1070730plr.113.1583185856644; Mon, 02 Mar 2020 13:50:56 -0800 (PST)
MIME-Version: 1.0
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Mon, 2 Mar 2020 14:50:30 -0700
Message-ID: <CA+k3eCTPisEFnxecjzpNAssSbTuUbUxQ+Hm+m+sjq__2Cpy9pg@mail.gmail.com>
To: secdispatch-chairs@ietf.org, secdispatch@ietf.org
Content-Type: multipart/alternative; boundary="000000000000996687059fe62e0c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/7JQLB8Z2vxd_3LUDAKv_mvOSxqI>
Subject: [Secdispatch] Request for secdispatch time slot in Vancouver IETF: Client-Cert HTTP Header
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Mar 2020 21:51:01 -0000

Hello SecDispatchers and Chairs thereof,

I'd like to request some time on the agenda in Vancouver to present on
https://datatracker.ietf.org/doc/draft-bdc-something-something-certificate/
in an effort to gauge interest and potentially find an appropriate venue
for the work to proceed (or just put it and its ridiculously long title out
of its misery).

Client-Cert HTTP Header: Conveying Client Certificate Information from
     TLS Terminating Reverse Proxies to Origin Server Applications

Abstract

   This document defines the HTTP header field "Client-Cert" that allows
   a TLS terminating reverse proxy to convey information about the
   client certificate of a mutually-authenticated TLS connection to an
   origin server in a common and predictable manner.

Discussion around the value of having something like this defined happened
in the OAuth WG a bit before the Singapore meeting (no doubt that's not the
only time but it's the one in which I was involved recently) and an AD
nudged me to secdispatch -
https://mailarchive.ietf.org/arch/msg/oauth/jQ5MAZ1XCvxWbHwqlT3ITEEQoKo/
falls somewhere in the middle of that long and sometimes contentious
thread. I was unable to get a draft published prior to the I-D submission
cut-off for Singapore and got a short "if time allows" presentation slot at
the meeting. The judgment coming out of that meeting was "needs draft".

I did get an actual draft published a bit after Singapore (the one with the
ridiculously long title previously mentioned) and there's been some, if not
exactly an overwhelming amount of, discussion and support of it on this
very list:
https://mailarchive.ietf.org/arch/search/?q=%22draft-bdc-something-something-certificate%22

Thanks.
Brian Campbell

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._