Re: [Secdispatch] Requesting agenda time for draft-rsalz-use-san

John Mattsson <john.mattsson@ericsson.com> Wed, 03 March 2021 13:32 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Martin Thomson <mt@lowentropy.net>
CC: "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Wed, 03 Mar 2021 13:32:21 +0000
Message-ID: <0475F1DC-2242-44B6-8A70-29A23C1C67E1@ericsson.com>
References: <619EB16E-48E6-459A-A63A-18A805F75D34@akamai.com> <b8378d08-5ee9-43e1-8260-29803b0ac243@www.fastmail.com> <20210303055500.GB56617@kduck.mit.edu>
In-Reply-To: <20210303055500.GB56617@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/J64qe5jSgJk4HCx6Odu5q8eL8FM>
Subject: Re: [Secdispatch] Requesting agenda time for draft-rsalz-use-san

+1 for draft-rsalz-use-san
+1 for Ben's list of things to do for updating 6125

RFC 6125 is important. I think draft-rsalz-use-san and Ben's list of things to do for updating 6125 should be part of RFC6125bis done in a WG.

John

-----Original Message-----
From: Secdispatch <secdispatch-bounces@ietf.org> on behalf of Benjamin Kaduk <kaduk@mit.edu>
Date: Wednesday, 3 March 2021 at 06:55
To: Martin Thomson <mt@lowentropy.net>
Cc: "secdispatch@ietf.org" <secdispatch@ietf.org>
Subject: Re: [Secdispatch] Requesting agenda time for draft-rsalz-use-san

On Wed, Mar 03, 2021 at 03:56:25PM +1100, Martin Thomson wrote:
> What Rich is doing here is good.  ~~SAN~~CN is dead and we should ensure that our documentation reflects that.  (Even at the time of 6125 it was a holdover from a previous era.)
> 
> Is now the time that we get to talk about other updates to RFC 6125?  Because there is no IP-ID reference identity in RFC 6125 and HTTP had to define one just to document what happens in practice: https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#https.ip-id

I do have a longstanding item in my list of things to do for updating 6125
in this manner.  (Note that
https://tools.ietf.org/html/draft-ietf-dtn-tcpclv4-25#section-4.4.1 has
also had to define an IPADDR-ID.)

I *also* have a longstanding item in my list for doing something analogous
to 6125 but for client authentication.  That, however, is a much more
open-ended question that should be a separate effort.

> I don't want to get in the way of making actual progress here, but knowing the difficulties with getting 6125 done, it might be safer to do this work in a working group.  I have no opinion regarding whether it is a new one or UTA.

I am hopeful that the UTA chairs can provide some thoughts here.

-Ben

> On Fri, Feb 5, 2021, at 02:43, Salz, Rich wrote:
> > I would like to present https://datatracker.ietf.org/doc/draft-rsalz-use-san/
> > 
> > This updates RFC 6125 to remove commonName as a way to identify the 
> > server; just use subjectAltName.  It also limits where the "*" can go 
> > in wildcard certificates. This is a simplification of widely 
> > implemented existing practice. It may even be de facto what's mostly 
> > done. Perhaps the wildcard limitation is controversial and I'd be 
> > willing to remove it.
> > 
> > 6125 was AD-sponsored. I think this could also be, or perhaps it could 
> > go to UTA. I would not present any slides, and think 10-15 minutes 
> > would be enough time.

_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.org
https://www.ietf.org/mailman/listinfo/secdispatch
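The matching behaviour this thread is about, shown as an added example that is not part of draft-rsalz-use-san, RFC 6125 or any message above: a reference identity is compared only against subjectAltName entries (the subject commonName is never consulted), a wildcard is accepted only as the whole left-most label, and an IP-ID is compared against iPAddress entries as an address rather than as a string. The wildcard rule is an assumption (the common implemented practice; the draft's exact wording is not quoted here), the certificate identities are constructed, and the function names are this example's own.

```python
import ipaddress
from typing import Iterable


def _normalize_host(name: str) -> str:
    """Lower-case and drop one trailing dot; IDNs are assumed to be A-labels already."""
    return name.lower().rstrip(".")


def dns_id_matches(presented: str, reference: str) -> bool:
    """Compare one presented dNSName (possibly a wildcard) with a DNS-ID reference identity.

    Wildcard policy assumed here (the common implemented practice, stricter than the
    RFC 6125 text): "*" is accepted only as the entire left-most label, at least two
    labels must follow it, and it stands for exactly one label.
    """
    p = _normalize_host(presented)
    r = _normalize_host(reference)
    if not p or not r or "*" in r:
        return False
    if "*" not in p:
        return p == r                      # plain identifier: exact, case-insensitive match
    p_labels = p.split(".")
    r_labels = r.split(".")
    # Reject "foo.*.example.com", "www*.example.com", "*.*.example.com" and "*.com".
    if p_labels[0] != "*" or "*" in p[1:] or len(p_labels) < 3:
        return False
    if len(r_labels) != len(p_labels) or "" in r_labels:
        return False                       # "*" never spans more than one label
    return r_labels[1:] == p_labels[1:]


def ip_id_matches(presented_ip: str, reference_ip: str) -> bool:
    """Compare an iPAddress SAN entry with an IP-ID reference identity as addresses,
    not as strings, so "2001:DB8::1" and "2001:db8:0:0:0:0:0:1" compare equal."""
    try:
        return ipaddress.ip_address(presented_ip) == ipaddress.ip_address(reference_ip)
    except ValueError:
        return False


def verify_server_identity(san_dns: Iterable[str], san_ip: Iterable[str], reference: str) -> bool:
    """Accept the server if the reference identity matches a subjectAltName entry.

    The subject commonName is deliberately never consulted. A reference that parses as
    an IP address is compared only with iPAddress entries; anything else only with
    dNSName entries, so an IP literal carried in a dNSName does not match an IP-ID.
    """
    ref = reference.strip("[]")            # allow the bracketed IPv6 form used in URLs
    try:
        ipaddress.ip_address(ref)
    except ValueError:
        return any(dns_id_matches(p, ref) for p in san_dns)
    return any(ip_id_matches(p, ref) for p in san_ip)


# Constructed sample certificate identities (not from any real certificate): the CN
# names a host that is absent from the SAN, which is exactly the case that must fail.
SAMPLE_CERT = {
    "commonName": "legacy.example.com",
    "dNSName": ["www.example.com", "*.cdn.example.com"],
    "iPAddress": ["192.0.2.10", "2001:db8::10"],
}


def sample_cert_accepts(reference: str) -> bool:
    return verify_server_identity(SAMPLE_CERT["dNSName"], SAMPLE_CERT["iPAddress"], reference)


if __name__ == "__main__":
    for ref in ["www.example.com", "legacy.example.com", "a.cdn.example.com",
                "a.b.cdn.example.com", "192.0.2.10", "[2001:DB8::10]"]:
        print(f"{ref:24} -> {sample_cert_accepts(ref)}")
```

Running the block prints one line per reference identity; the one that fails against the sample certificate is legacy.example.com, because it appears only in the commonName, and a.b.cdn.example.com, because the wildcard covers a single label.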