Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Carl Wallace <carl@redhoundsoftware.com> Wed, 11 January 2023 18:37 UTC

Date: Wed, 11 Jan 2023 13:37:23 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Santosh Chokhani <santosh.chokhani@gmail.com>, 'LAMPS' <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3OQwx8tUyWatdfoK1hiTBXo8aSQ>

FWIW, I was not addressing global uniqueness (that was discussed a fair bit during previous discussion of this draft and is a different can of worms). I was noting lack of uniqueness for a given person, possibly even within the same organization. 

On 1/11/23, 1:28 PM, "Spasm on behalf of Santosh Chokhani" <spasm-bounces@ietf.org on behalf of santosh.chokhani@gmail.com> wrote:


I am not a fan of what is being proposed, but I support adoption.


To answer Carl, I have heard from various folks in various WGs that names are NOT globally unique. In light of that, having the extension is a good thing.


The proposal is a solution during the transition period. 


The reason I am lukewarm on it is that it brings in two or more path development and validation into play as opposed to single certificate (hybrid or composite).


-----Original Message-----
From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Tomofumi Okubo
Sent: Wednesday, January 11, 2023 12:52 PM
To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02


I believe there are use cases for this model and I support the adoption of this draft.
Thanks and best regards,
Tomofumi


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, January 5, 2023 3:02 PM
To: LAMPS <spasm@ietf.org>
Subject: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02


Do the changes that were made in -02 of the Internet-Draft resolve the concerns that were previously raised?


On behalf of the LAMPS WG Chairs,
Russ




> On Sep 15, 2022, at 11:44 AM, Russ Housley <housley@vigilsec.com> wrote:
> 
> There has been some discussion of https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/. During the discussion at IETF 114, we agree to have a call for adoption of this document.
> 
> Should the LAMPS WG adopt “Related Certificates for Use in Multiple Authentications within a Protocol” in draft-becker-guthrie-cert-binding-for-multi-auth-01?
> 
> Please reply to this message by Friday, 30 September 2022 to voice your support or opposition to adoption.
> 
> On behalf of the LAMPS WG Chairs,
> Russ
> 


_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm