[Secdispatch] Re: Request for Review and Adoption of Internet Draft: High Assurance DIDs with DNS

Jacques Latour <Jacques.Latour@cira.ca> Thu, 29 August 2024 12:57 UTC

From: Jacques Latour <Jacques.Latour@cira.ca>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Date: Thu, 29 Aug 2024 12:57:12 +0000
CC: Jesse Carter <Jesse.Carter@cira.ca>, Mathieu Glaude <mathieu@northernblock.io>, Tim Bouma <tim.bouma@dgc-cgn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/UjWIfTtH8DkfNE8KAR5ME-A2IuE>

Hi,

ACME recommended this should be sent here for consideration.

Looking forward to seeing what you think and where home is 😉.

Jacques


From: Jacques Latour <Jacques.Latour@cira.ca>
Sent: August 28, 2024 4:30 PM
To: acme@ietf.org
Cc: Jacques Latour <Jacques.Latour@cira.ca>; Jesse Carter <Jesse.Carter@cira.ca>; Mathieu Glaude <mathieu@northernblock.io>; Tim Bouma <tim.bouma@dgc-cgn.org>
Subject: Request for Review and Adoption of Internet Draft: High Assurance DIDs with DNS

Hi all!

First time asking for an internet draft adoption.


- https://datatracker.ietf.org/doc/draft-carter-high-assurance-dids-with-dns/

As one of the authors of the internet draft titled "High Assurance DIDs with DNS" (draft-carter-high-assurance-dids-with-dns), I am writing to request the ACME Working Group to review and consider adopting this draft as part of your working group.

The draft proposes a method for integrating high assurance Decentralized Identifiers (DIDs) with the Domain Name System (DNS), aiming to enhance the security and reliability of DIDs by leveraging the established trust infrastructure of DNS. We believe that this integration aligns well with the goals and expertise of the ACME Working Group, particularly in the areas of secure and automated certificate management.

We would greatly appreciate the opportunity to present this draft to the working group and discuss its potential benefits and implementation details. Your feedback and guidance would be invaluable in refining the draft and ensuring its alignment with the broader objectives of the IETF.

Please let us know if there are any specific procedures or additional information required for this request. We are eager to collaborate with the ACME Working Group and contribute to the advancement of secure and reliable internet standards.

In terms of support and reference for this draft, we have the following references that may help justify our ask.


- https://dhs-svip.github.io/requirements-for-decentralized-identity/TrustArchitecture/
- DID Specification Registries (w3c.github.io)<https://w3c.github.io/did-spec-registries/#dnsvalidationdomain>
- Trust DID Web - The did:tdw DID Method (bcgov.github.io)<https://bcgov.github.io/trustdidweb/>

Example DNS implementation:

$ dig _did.trustroot.ca uri +dnssec +multi

_did.trustroot.ca.      3518 IN URI 0 0 "did:web:trustroot.ca"
_did.trustroot.ca.      3518 IN RRSIG URI 13 3 3600 (
                                20240905000000 20240815000000 17999 trustroot.ca.
                                4CJsquY7BEcA2YX1iWHIKzXx4lEvWa7k8JWNbp4zu3dp
                                KQXdwZ73geTKgzfNz9g5+HyckxTyNyz8LU8lA+G4lg== )

$ dig _did.trustroot.ca tlsa +dnssec +multi

_did.trustroot.ca.      3527 IN TLSA 3 1 1 (
                                CEEAD59AAE176DDD8889DF0B02083CB393D07655CBA9
                                D668EA334ABDBDB72A39 )
_did.trustroot.ca.      3527 IN TLSA 3 1 0 (
                                302A300506032B6570032100C300A443F0427440AC90
                                BDA85B4F97896879564A7AB649B976FA7D15FEAFC225 )
_did.trustroot.ca.      3527 IN RRSIG TLSA 13 3 3600 (
                                20240905000000 20240815000000 17999 trustroot.ca.
                                z/E+jECtQzNi0zcBcrVa8P8UKiHx5SHcSEmN2vR6Oe4t
                                nfvjso/8/ZXo/IlWtoqgIYrCeJJ9NLFTu/q0cGwUIg== )

Thank you for your time and consideration.
Best regards,
Jacques, Jesse, Mathieu and Tim.
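
The check that the dig output in the message implies, as an added example that is not part of the original message or of the draft's text: a verifier confirms that the URI record at `_did.<domain>` names the DID and that a TLSA record there pins the DID's key. It assumes the records arrived from a DNSSEC-validating resolver and that the DID document's verification key is the Ed25519 key pinned by the `3 1 0` record; all function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import unquote

# RDATA copied from the dig output in the message above (whitespace removed).
URI_TARGET = "did:web:trustroot.ca"
TLSA_RRSET = [
    (3, 1, 1, "CEEAD59AAE176DDD8889DF0B02083CB393D07655CBA9D668EA334ABDBDB72A39"),
    (3, 1, 0, "302A300506032B6570032100C300A443F0427440AC90"
              "BDA85B4F97896879564A7AB649B976FA7D15FEAFC225"),
]
# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410); 32 key bytes follow.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def did_web_to_owner(did):
    """Map did:web:<host>[:path...] to the _did.<host>. owner name queried above."""
    parts = did.split(":")
    if len(parts) < 3 or parts[:2] != ["did", "web"] or not parts[2]:
        raise ValueError("not a did:web identifier")
    host = unquote(parts[2]).split(":")[0].lower()  # drop an encoded :port
    return f"_did.{host}."


def tlsa_matches(spki_der, rrset):
    """RFC 6698 matching, restricted to usage 3 (DANE-EE) + selector 1 (SPKI)."""
    digests = {0: lambda b: b,
               1: lambda b: hashlib.sha256(b).digest(),
               2: lambda b: hashlib.sha512(b).digest()}
    for usage, selector, mtype, data_hex in rrset:
        if (usage, selector) != (3, 1) or mtype not in digests:
            continue  # unsupported record: ignore it, never treat it as a match
        if hmac.compare_digest(digests[mtype](spki_der), bytes.fromhex(data_hex)):
            return True
    return False


def check_binding(did, raw_ed25519_key, uri_target, rrset):
    """True only if the URI record names this DID and a TLSA record pins its key."""
    if len(raw_ed25519_key) != 32 or uri_target != did:
        return False
    return tlsa_matches(ED25519_SPKI_PREFIX + raw_ed25519_key, rrset)


if __name__ == "__main__":
    key = bytes.fromhex(TLSA_RRSET[1][3])[len(ED25519_SPKI_PREFIX):]
    print(did_web_to_owner(URI_TARGET), check_binding(URI_TARGET, key, URI_TARGET, TLSA_RRSET))
```

Records with any other usage or selector are skipped rather than accepted, so an RRset the verifier cannot interpret fails closed.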



