Re: [lamps] CAA Semantics for S/MIME

Tim Hollebeek <tim.hollebeek@digicert.com> Wed, 23 May 2018 16:50 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>, Phillip Hallam-Baker <phill@hallambaker.com>
CC: SPASM <spasm@ietf.org>, Eric Rescorla <ekr@rtfm.com>, Wayne Thayer <wthayer@gmail.com>
Date: Wed, 23 May 2018 16:50:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BwgtycScuF1X6WjOuZZrLTKyEjQ>
Subject: Re: [lamps] CAA Semantics for S/MIME
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

(chair hat off)

 

The charter issue seems to me like a simple enough issue that we should be able to resolve it here on the list.  I was actually the one who suggested it should be handled in 6844bis over on m.d.s-p, and was surprised when Wayne correctly pointed out it is out of scope.  I think we should take this opportunity to fix the charter to include it.  This seems like the most appropriate forum for that work.  It doesn’t smell like a CABF thing.  Though coordination would be useful so we produce something they can easily consume.

 

-Tim

 

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Ryan Sleevi
Sent: Saturday, May 19, 2018 12:03 AM
To: Phillip Hallam-Baker <phill@hallambaker.com>
Cc: SPASM <spasm@ietf.org>; Eric Rescorla <ekr@rtfm.com>; Wayne Thayer <wthayer@gmail.com>
Subject: Re: [lamps] CAA Semantics for S/MIME

 

Seems like it would be better discussed in a place with open access and participation? To avoid capture by CAs by having a diverse set of views represented?

 

On Fri, May 18, 2018 at 11:24 PM Phillip Hallam-Baker <phill@hallambaker.com> wrote:

Perhaps we could have a side discussion about this at the London CABForum meeting if folk are there.

 

 

 

On Fri, May 18, 2018 at 1:45 PM, Eric Rescorla <ekr@rtfm.com> wrote:

I agree that this is out of the proposed charter. If the WG wants to add it as a charter item now, that seems fine.

 

-Ekr

 

 

On Tue, May 15, 2018 at 6:00 PM, Wayne Thayer <wthayer@gmail.com> wrote:

There is a vigorous discussion about CAA and S/MIME certificates happening over on the mozilla.dev.security.policy list [1]. It has been proposed that this issue could be addressed as part of rfc6844bis, but I'm reading the LAMPS recharter as being too narrow in scope to permit this. Does this work need to be deferred to a future LAMPS recharter?

- Wayne


[1] https://groups.google.com/d/msg/mozilla.dev.security.policy/NIc2Nwa9Msg/RGx4A5HBBAAJ

 

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

 

