Re: [Secdispatch] Marking SPKAC as Historic

Eric Rescorla <ekr@rtfm.com> Fri, 11 November 2022 13:13 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 11 Nov 2022 05:12:32 -0800
Message-ID: <CABcZeBOBcyoxL27++FTOgiTLckB8LfdfwncXWRNmriGvkfLTug@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, secdispatch@ietf.org, Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/tEWgesFpYfAOV6gcXtjaJ654vYQ>
Subject: Re: [Secdispatch] Marking SPKAC as Historic

On Fri, Nov 11, 2022 at 4:06 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
>     > I want to float the idea of marking the SPKAC Informational draft as
>     > Historic, assuming it is completed and published.  I think that might
>     > accurately reflect the consensus of the IETF regarding SPKAC.
>
> Why?  Because MD5?
> Because you think there is something better that already exists?
>

I'm not Ben, but at a high level, I don't think having a format like
this is that useful at this point. Modern practice involves binding
signatures fairly tightly to whatever protocol they are used with, and
a format like this doesn't help much in that case. For example, you
wouldn't want to reuse SPKAC with something like TLS Exported
Authenticators or WebAuthn because those need to specify the protocol
bindings and have their own encodings that make more sense than
importing ASN.1.

The original use of this format was for certificate issuance, but the
community has standardized on PKCS#10 CSRs for that.

-Ekr


>     > Marking a document Historic at the time of publication is unusual,
>     > but it seems logical when we are (finally) describing a format that
>     > has seen little use since the 90s and is not recommended today.
>
>     > I imagine that the sponsoring AD can choose the status without too
>     > much process overhead.
>
>     > --Ben Schwartz
>
>     > _______________________________________________
>     > Secdispatch mailing list
>     > Secdispatch@ietf.org
>     > https://www.ietf.org/mailman/listinfo/secdispatch
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>