[Spasm] Let's focus
Richard Barnes <rlb@ipv.sx> Thu, 26 May 2016 20:04 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C1812D5C2 for <spasm@ietfa.amsl.com>; Thu, 26 May 2016 13:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HD_fFaanKhid for <spasm@ietfa.amsl.com>; Thu, 26 May 2016 13:04:46 -0700 (PDT)
Received: from mail-vk0-x22f.google.com (mail-vk0-x22f.google.com [IPv6:2607:f8b0:400c:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B43912B069 for <spasm@ietf.org>; Thu, 26 May 2016 13:04:46 -0700 (PDT)
Received: by mail-vk0-x22f.google.com with SMTP id f66so117078590vkh.2 for <spasm@ietf.org>; Thu, 26 May 2016 13:04:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:date:message-id:subject:from:to; bh=Ofa/3vsGdYiDouofaOaDwYt4WvXuw/+KhQRVfpGoybM=; b=F3nCyvXWbid/MYkRYQX0RPc1e9O6b0auzgbbwTPA+WR9eLRrJz8PK/qezzACeUOc7a AqXZzCnRa1hUdW+3AgicWhozp3OrWIvPvgrb46tXc5hzKr4X6Bmx7PNNQVHjQjFgD2wC pvRKnqblfWEOrt4CTaykckJ4qUgcswn8tjedBPJkPT5MT6R3rtAnMOcu130/It8zfn3W mbxnlYAzVNmjnoDWeushlcWal9z0DEbC1CbkRnboEbmo5SRrukf7QxsNbsx2sZUF38oU gDm2/EjavGMFxYUcDF3+t0RwBFZvLx05gE7WB6BFqmJrCD9emA9X/x3+zGo9YXH98Yw0 pnZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=Ofa/3vsGdYiDouofaOaDwYt4WvXuw/+KhQRVfpGoybM=; b=JnIWzkkUyUlIA/Fh71rteetEK16gjPZu9RqiAh1UtIanpazlxUU/11DOJ98hla28TJ cU1i8xvwu0bAIgB+xCVwS7ybAryv+bxGPnZLsmPw4XXBcxTKEUv5RUduU5OWdjD5xnsw 3S0T2DMhpNKqj0/+SfGnaYrfU42Xs8q9IdH3DlfbhYYAhqEJMN9YfXmp3dLaIR148+gn TVB91PlXJRF5fIplwtCECMIkhh8R5kUJXPHa4p+QeDdoqnwl4xD+c+oguOhbIsgdVcZk RaQG99L7cCMYzCfqA8wYeMMiEno3J4SX2jXS96jGvPNeK43vB1sWKTSDNCsttELgfnPf 3t9A==
X-Gm-Message-State: ALyK8tKl2hLCNHbVFdwICOzEC/4vQDprsHA51pScf6fMnvgxKxQuQXMp8/W0UioM7OsKsqT5ZTebuJ3ZaQ0R8A==
MIME-Version: 1.0
X-Received: by 10.176.7.70 with SMTP id h64mr6447228uah.97.1464293085536; Thu, 26 May 2016 13:04:45 -0700 (PDT)
Received: by 10.31.48.71 with HTTP; Thu, 26 May 2016 13:04:45 -0700 (PDT)
Date: Thu, 26 May 2016 16:04:45 -0400
Message-ID: <CAL02cgSHWvmmhCqv1Dz8wfiGsOqOXWNi150suR-5xqt3F8ppcw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: spasm@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c12339a3608540533c44d14"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/3zZzKa2lcT3gGJOskVrnODPBgM0>
Subject: [Spasm] Let's focus
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 20:04:52 -0000
Hey all, I'm concerned that the proposed scope [1] for this WG is (1) too broad, and (2) inconsistent with the participation so far. The breadth concern is evident in the ambiguity of the name "Some?" This group should identify some concrete, practical problems in the Internet they need to solve, describe them, and demonstrate that they have the right set of stakeholders to develop, implement, and deploy a solution. I'm personally most concerned about the "fix the EKUs" milestone, at least as it's realized in [2]. From the perspective of someone who works a lot in the Web PKI, this sounds like a request for a feature that has negative value. The incremental value of the proposed feature would be to allow "everything but X" CAs. Recent experience in the Web PKI has driven home how harmful it can be to have divergent sets of RPs relying on the same PKI, so allowing CAs to be more unconstrained is moving in the wrong direction. I'm not dogmatic on this, but in order to be persuaded, I would need to see active interest from some real CAs, and from the logs of this list, I'm not seeing anyone who's a current participant in the Web PKI (apologies if I've failed to recognize someone). I'm also concerned about the "SRV for cert stores" milestone, though I admit I'm not as deep in this space. Looking at the proposed doc, it seems like the SRV adds any value over just looking stuff up at a well-known URI, e.g., adding a "x5c" attribute to a WebFinger resource. Anything that requires special DNS magic (and SRV counts) is going to face significant deployment barriers. So I would be happier if this were a "define a simple cert discovery mechanism for S/MIME" milestone, rather than being bound to a specific mechanism. Overall, it seems like this group should focus on moving the ball forward with regard to making S/MIME deployable in today's Internet -- fixing papercuts around AEAD, i18n, and cert discovery. The PKIX stuff is unrelated and addresses an entirely different constituency. --Richard [1] https://datatracker.ietf.org/doc/charter-ietf-spasm/ [2] https://tools.ietf.org/html/draft-housley-spasm-eku-constraints-01 [3] https://tools.ietf.org/html/draft-bhjl-x509-srv-00
- [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Wei Chuang
- Re: [Spasm] Let's focus Stephen Farrell
- Re: [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Stephen Farrell
- Re: [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Santosh Chokhani
- Re: [Spasm] Let's focus Richard Barnes