Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 30 July 2021 16:40 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption for draft-ito-documentsigning-eku
Thread-Index: AQHXgmuKk2sKcjNKq0GeFl8+0k2LC6tY5gWAgAK2AYD//99ggA==
Date: Fri, 30 Jul 2021 16:40:47 +0000
Message-ID: <2F429632-ABDF-4A93-9EE2-3764519C272B@ll.mit.edu>
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <19561F5C-1EED-4D7E-81EB-210A2B47556C@vigilsec.com> <E1B3DCF1-DE9C-4FD9-AD2C-F86D5B0C374A@akamai.com>
In-Reply-To: <E1B3DCF1-DE9C-4FD9-AD2C-F86D5B0C374A@akamai.com>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/16.50.21061301
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3710493647_468974833"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3dd824c2-0401-467b-0dd0-08d95378c8c6
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2021 16:40:47.8270 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN5P110MB0701
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-30_11:2021-07-30, 2021-07-30 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2103310000 definitions=main-2107300111
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/A5crp7p3IzVvvR6v8mrOwFVY-Kk>
Subject: Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jul 2021 16:40:58 -0000

> This is tougher than I thought.

It does seem tough enough.

> Ryan has more in-the-trenches experience with these things than most,
> and perhaps more than most of us combined. 

I wouldn't bet on it. ;-)

> On the other hand, defining an EKU is pretty small potatoes, and there's likely not to be much cost
> to the s/w stacks because they already have to make the cert, ku, eku available to the application anyway. 

This is where one disconnect is. 

Merely *defining* an EKU is cheap. The cost to the s/w stacks is negligible, as far as I'm concerned.

The real cost is in the certificate management. 

And [in]ability of principals to carry multiple certs. E.g., think of how many Signature certs PIV or CAC token can have.

> On the third hand, the idea of CABforum starting to address email worries me -- will membership
> open up to allow email app providers? I guess that's really not our concern.

It may well become one.

> So I support changing the charter and adopting this.

I do not know. I don't support it, but I'm not violently opposing it.

Attachment: smime.p7s

[lamps] Call for adoption for draft-ito-documents… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Salz, Rich
Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Tomofumi Okubo
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Tomofumi Okubo
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Eliot Lear
Re: [lamps] Call for adoption for draft-ito-docum… Santosh Chokhani
Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Carl Wallace
Re: [lamps] Call for adoption for draft-ito-docum… Salz, Rich
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
Re: [lamps] [EXTERNAL] Call for adoption for draf… Mike Ounsworth
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Daniel Kahn Gillmor
Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Ryan Sleevi
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
Re: [lamps] [EXTERNAL] Re: Call for adoption for … Russ Housley
Re: [lamps] [EXTERNAL] Re: Call for adoption for … Mike Ounsworth
Re: [lamps] Call for adoption for draft-ito-docum… Michael Richardson
[lamps] Call for adoption for draft-ito-documents… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Yoshiro YONEYA
Re: [lamps] Call for adoption for draft-ito-docum… Corey Bonnell
Re: [lamps] Call for adoption for draft-ito-docum… Brown, Wendy (10421)
Re: [lamps] Call for adoption for draft-ito-docum… Stefan Santesson
Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
Re: [lamps] Call for adoption for draft-ito-docum… Blumenthal, Uri - 0553 - MITLL
Re: [lamps] Call for adoption for draft-ito-docum… Deb Cooley
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley
Re: [lamps] Call for adoption for draft-ito-docum… Tadahiko Ito
Re: [lamps] Call for adoption for draft-ito-docum… Russ Housley

Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Attachment: smime.p7s