Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Carl Wallace <carl@redhoundsoftware.com> Thu, 29 July 2021 21:27 UTC

From: Carl Wallace <carl@redhoundsoftware.com>
Date: Thu, 29 Jul 2021 17:27:15 -0400
Message-Id: <CC5594C7-5338-40FE-8366-7CC7A994F8B7@redhoundsoftware.com>
References: <CAErg=HFqfek5titw0R_yp2aZBZJQiWXVhRWc1g9O+bst_2tkyA@mail.gmail.com>
Cc: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, LAMPS WG <spasm@ietf.org>, "Cooley, Dorothy E" <decoole@nsa.gov>, Deb Cooley <debcooley1@gmail.com>
In-Reply-To: <CAErg=HFqfek5titw0R_yp2aZBZJQiWXVhRWc1g9O+bst_2tkyA@mail.gmail.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/0WW_nQYlhDROoVdqkq4eXjalWl4>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Sure, but given that cert lifetime management is relatively tight now and the implementations you likely care about are more easily updated, EKU2 could be written to match reality and be deployed without glacial delay. You’d just need a new OID and some processing language.

> On Jul 29, 2021, at 5:04 PM, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:
> 
>> On Thu, Jul 29, 2021 at 4:27 PM Carl Wallace <carl@redhoundsoftware.com> wrote:
>> [CW] Then write *that* spec so that we cut out the folklore stuff and all work from the same sheet of music. It’s not abstract spec “purism”, it’s what the spec says. Make it say something different.
>> 
> 
> Check the footnotes in https://mailarchive.ietf.org/arch/msg/spasm/bV34V37xxxuHhbR85qR1NG47gq0/ to see how well that's been received in LAMPS/PKIX previously.
> 
> The resistance to updating the spec to match widely-deployed reality is real, unfortunately, but that doesn't change what implementations have been doing for the past 25 years and will continue to do.