[lamps] New version of draft-becker-guthrie-cert-binding-for-multi-auth
"aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov> Thu, 05 January 2023 19:41 UTC
Return-Path: <aebecke@uwe.nsa.gov>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88529C1524A2 for <spasm@ietfa.amsl.com>; Thu, 5 Jan 2023 11:41:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.758
X-Spam-Level:
X-Spam-Status: No, score=-2.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_GOV_DKIM_AU=-0.759, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uwe.nsa.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xcFRsWeXL9q8 for <spasm@ietfa.amsl.com>; Thu, 5 Jan 2023 11:41:53 -0800 (PST)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on2055.outbound.protection.outlook.com [40.107.91.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B3CAC1522D9 for <spasm@ietf.org>; Thu, 5 Jan 2023 11:41:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lrltgxuerfT+i3BnhKKGI+mqjiQZeGPvPvYrBP4ugvt7wFxdlf4JkVvCJc/bL418fAoDXao7/8TOCgqAXdlr4r9vHQ99trXKMyLEqWk3/HL4x3oRsxNpOj6dlpceW/S/5ZoLWKL+0O0HZFUmE/IWb8Rvn+7xHyjYcYoveCGavM3BXoERrNsnHm/w+6Fl1KFO2FRrbZMfbtZxpKNmIEWXVhwX2LpSwo7z2xaYSxhc3oxozCli2Nc/Pk+XUQ3vDWfkX3V9wSVxxJDZeSGlcJEUDTbHzyeFEv9lmkCW9Wo+j5VAtYrOgBJqu80B7i+FPiqtFZG1aDC0ApZWWbR/fpmryQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=REnCwANUz1ufnkMsm1cGwKjxFpbhXxRtk48MurY9Q2A=; b=HTSCmOPou5xZnuJoD8Gm8V00D8aLJhbRLzom8QsnNBMwcKgDrNVmiQvUx7LnmEiz8xJ0jd1qopk75p9fYB44WqHlCZfT20auhfnZstwbD1EYZd9E/NJLRRGMCKZdtTYvpN+fmXcvyn3P/VA/oqKTZigryEYVZBQpUhjzD67M7kC25v57819XfqELSZI3ZevajDadsZ0tBuRoWWqv8UosMqt4R3fHHWoNnZMVDz+pI8XLHY7up8APu5X4HkERhtWvQMrYQfMvbUQu514GrchON5CRQICpSIqab4u7qJgE7ctnBvgUcalf3HMjfgYc4YAhYQdSF9JxcpKocIa2sKWkfA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uwe.nsa.gov; dmarc=pass action=none header.from=uwe.nsa.gov; dkim=pass header.d=uwe.nsa.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uwe.nsa.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=REnCwANUz1ufnkMsm1cGwKjxFpbhXxRtk48MurY9Q2A=; b=gMp5JToQlYwvH/2KxUqyVv0np+ycpCEsfk5h8l5bhPFpGHhDpuG/FohM4CgjQ3oie91vryyYB2+hi5drce4avJ8bXf2HgOLLUR5p/jqxiz04XwcQzsFbSUapO6T65EiMdHMTnD5/7+TiVQ7zQEGoKNxlIe0IxPdDgN7G/56rfZgzg6OAr9ksZe53RFVHgTO0afLD4RjAk3E+XE3dDOgYGonaQDk/TY1QGfEi/rN2O1LDECxMWC/RA5pbz/Nmsax3bK3ziri8v34VALwa69oIgSPTtm6GesOcVuBb/WBwYWkwE/jEYl0Cd6YRk7RpKXFipCMLhu4FzJKJuHF73OsGxQ==
Received: from SA0PR09MB7241.namprd09.prod.outlook.com (2603:10b6:806:7a::24) by MN2PR09MB5660.namprd09.prod.outlook.com (2603:10b6:208:213::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.19; Thu, 5 Jan 2023 19:41:49 +0000
Received: from SA0PR09MB7241.namprd09.prod.outlook.com ([fe80::971b:6838:1a6f:1f16]) by SA0PR09MB7241.namprd09.prod.outlook.com ([fe80::971b:6838:1a6f:1f16%4]) with mapi id 15.20.5944.019; Thu, 5 Jan 2023 19:41:48 +0000
From: "aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: New version of draft-becker-guthrie-cert-binding-for-multi-auth
Thread-Index: AQHZIS4g6ZReXWC2W02KYNxcPbszUg==
Date: Thu, 05 Jan 2023 19:41:48 +0000
Message-ID: <SA0PR09MB7241FC5F8D0D90B334BD98B3F1FA9@SA0PR09MB7241.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uwe.nsa.gov;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA0PR09MB7241:EE_|MN2PR09MB5660:EE_
x-ms-office365-filtering-correlation-id: 4ec26864-b3fc-438f-fd6e-08daef54e2c5
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: K8BPmB9bwt59KHW0aFj7bbq1RsUQjJlKJsAzzdFcbhhy+cEB847oX14hpIfjfCDiUkv/fiF9LdKpvl3Dvk3LBrAy6toU+7PrQecYhc3lSBTmXU27UKf3SNRN29bEaXgzyD0CWzT+kRIL2RbsJl93rusGBuiCr9xnV0cli/PDOK7U1vanKI2pnfNEMjseDdk3dFgG5K6ODqWN+EwMAe8fEzzJPXF+L3hmkZi2TsKdGceAO4JUVyWFZwfe03w6uc2BC+7JIayc7D+f0CuwRULdeav7PYjNugwj3c0eNJlwnA4fEHgR9wrX1e+agLf4/j+RJi3yi9PzDyp5hWCZZyp8QuiXGnevaR5IYCZgbmag5MwGj5967Dl6VZ0ZVng0atirkxteby7lHVoiN6h/qs4d/HrJcY/i7qFveBGtsaSNyA2FQTe3ghWzEHOaTlENm7owI2WUN0JtZeJ4f5AuaoFpLsGUNn1mWtN094BrQ+/GNXov6rtci8NwGzepqq2oi/QQ/LkpD5higsSIIdao3JAqQZqa6LWS8kt3XkzMjjv2aVA+ZSGc+Mq79y/HjIjoeUDCjEjZ+90+qE0yHDQOWpvBX8Go5ComRBtgbCqg71BgxxIoTvYUFTuybVPQ65ryuSvnRUDEHAoj0FBxfrn38qQapvRtoG86cbm/6mCmyCqbzpLVXTwm8lKh8fQyHzxw9CruXFJqAImmXlXEqTzWDSdBSQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA0PR09MB7241.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(366004)(396003)(136003)(39830400003)(451199015)(186003)(9686003)(82960400001)(38070700005)(41320700001)(38100700002)(122000001)(86362001)(55016003)(83380400001)(4744005)(19627405001)(41300700001)(91956017)(52536014)(8936002)(64756008)(8676002)(5660300002)(66556008)(66446008)(66946007)(66476007)(76116006)(508600001)(6506007)(66899015)(6916009)(7696005)(2906002)(71200400001)(33656002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: g/EEGLSZTpINf/Nl+t8kjd29tpg+TAFlDbl3XKRJAtStoOBEh4U7RkhCBr1bJ6GVRYKvNWUzy7L/4JrxYJ4UgcCI+IuO2HLU8BgpCOnCKFtE83tarDlmkwZqBn9yiqbIriPL2QCi2PBq3j+AYkhdV+XV7GKez3TFhuIsPdHS1BHTnUPnJ7BEtZvRzwS0O5oVmr9iIBOwuAnAIqLWxRMvNeyuPje/R5JfFkLrpQU8kFmcdqy+2pWFC0AW8WDzcZgxZ1s0RomlTdQSoyLGfzd+Rm1XstK/U2UFirkDRWcojQChY4VJrTQIRyCVrWlxSO/lTrSyk1/M02GIZtRbc0VFjeOmiwz9Dy2w6sXAKkOKIhtp32Xw61ZH+z9R+8c27oCYKJKuPFebgR4E4m2csvg5CUZslpxp4dVE8muXAatvjPgiHYhmCk/OcFkx2jN66W69SLvZ/7KxUCRrsNjiSwOie5lGuwNvdb7yHk8P7d8V7lAIJMtZWzjuLq6Ff0CSU6h0rXB8ZeH8M3bz+qiZPrli7mJbcyvnkNkWl55PquzgMUsogxSKrO9FRYJ8k0wY6r2SK2MwcynVZG1zglMS5DYdmcVprI0GAbQ+heGU6lMswhal4U/V8i7yfamu1n0DVhFE6Jgij/ma4sSrhCKKdh78wzUC4RN1ky4gis9LLVKnQGhYmoYdtl3V90iTHaLTICvs0T0Qg6jwsEyBuPh+sg0Ds3eJYGEnb0vOwgigs74twsnBAtaOD3ozLmr0x4Ehuj+r/tFvnrSi3SPgaz21fBb6hRJXhCBnaTywo0njYyxraoPIO3ifVtylpYGuJFYy5GPUMdFxLdpBDdRQ0/aRhk4KYUEjYx22KWEgJKqgYIBrUmd8c5PJR3GcAVQUcHgEBO8acdZFO+UAdQVGoVGpV0cPqzt/NZvN70p7boowUzexuTIA20/utwWfwx2VzSOtp/I0PMgS1hV1fQleegDT4dg/u7DrSm773hVuB77P6il2X5ZCB0FU3MCbUhta/T3VvqQiV1Op+2nGx1DkNSOa7G9Xj/9EawLG6CSpkSbQIY1d3EGXXikvKIyeJ4/LUPDAgdq5evjX3jGwGmlhEEJf2WdZeNOs/nm5n8LAwj69rJVczx5Jih8JhpmLJR4lI7IjdNeR1SlHam9/ZeEH//+CXxdAPM3q05v/h/v/3zMLC1vNDzEQ3/o7TsInDw81b6MHFNubgLqat16Jiu1mELtQAjR9SHkIxepg7ibx7bytVuQLcxRufca5GRY+YbkDIINGS8qM+jG1+ZH9rEM6k+bY6gexYvwYpQ1O1rFeF+LBz1mnStHWYz1FdjamNsuPWS+8Kj+0PM52AYiLHOVaHyKOdeFEspWX6cKk2gpB1WtbXiZm/8U5lwu4tXRT69qrNGpboVzmd5k8+AcvhlQ6vMY+6bQqZQxwp5MBU9dx9WOTFwRcGHzQLxoalIlnvKLIhyd/6viI3ssWD6MikhNOvuu4ybl0ZyQXltaoMOimjSX8Mw/5RFcEmYgSwhMPfz0YSKrQkyyZ6LzR7kpVl1p4hyDBAzzZvGHhGgalZ6DV4E4bWqVgq6nw6ubyjk0VNAgg966yBirZEuQJO/yJZSjs4bHmNwihbTe8ATkRRPuuY/7God+xv8DNrc5AgaBC3zjXFfhbUeG7
Content-Type: multipart/alternative; boundary="_000_SA0PR09MB7241FC5F8D0D90B334BD98B3F1FA9SA0PR09MB7241namp_"
MIME-Version: 1.0
X-OriginatorOrg: uwe.nsa.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA0PR09MB7241.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4ec26864-b3fc-438f-fd6e-08daef54e2c5
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jan 2023 19:41:48.6639 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d61e9a6f-fc16-4f84-8a3e-6eeff33e136b
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR09MB5660
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/EYL6AmDEapb1cIU2pCPziIlXuBI>
Subject: [lamps] New version of draft-becker-guthrie-cert-binding-for-multi-auth
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2023 19:41:57 -0000
Hello all! We have posted an updated version of our work; the latest revision is draft-becker-guthrie-cert-binding-for-multi-auth-02. The updates address the comments brought up at IETF 115 related to using the attribute/extension when multiple CA organizations are involved, and thus managing CA exposure and issuance policy alignment in this scenario. As always, comments are welcome, and we look forward to productive discussion. Cheers, Alie, Rebecca, Mike ---- Alison Becker, PhD National Security Agency Center for Cybersecurity Standards (CCSS)
- [lamps] New version of draft-becker-guthrie-cert-… aebecke@uwe.nsa.gov