Re: [lamps] Proposed recharter text
Ryan Sleevi <ryan-ietf@sleevi.com> Mon, 15 February 2021 22:43 UTC
Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03A993A1283 for <spasm@ietfa.amsl.com>; Mon, 15 Feb 2021 14:43:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.503
X-Spam-Level:
X-Spam-Status: No, score=0.503 tagged_above=-999 required=5 tests=[FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eZMhD8E5mWRd for <spasm@ietfa.amsl.com>; Mon, 15 Feb 2021 14:43:33 -0800 (PST)
Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 714123A13BE for <spasm@ietf.org>; Mon, 15 Feb 2021 14:43:18 -0800 (PST)
Received: by mail-pj1-f42.google.com with SMTP id d2so4738854pjs.4 for <spasm@ietf.org>; Mon, 15 Feb 2021 14:43:18 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6xltiyPeTcFAy/zapzxloVyJe/YmNzZrqqh+NMMPHdI=; b=KG19eSfNj4TIO/9UsgnJLP1HyCTDPKlGikb9FNJNFgwmygh4DxZZoUepnzILVQAnJR PI8H1+OK+3hLaQmxoQyCKtn9F+wvYfbls6V+c4fcY271UbrAK2iOet3VL0h/wj3QdSIG dDOF8kP3rgpc280cyzPyCAt+VOIdeVbLbxC8GKcrsEpgS7J+QWcxKZcDgT23UcfNRbcF 4MgIMwFwV5Eq1PdP5oBD0jXFxGVH3tYU4eXUbmKa/Z8OjizcswF4uBfbPljXrWLsraup XI6/sAJLYcs7eQhDYo8RXZbzfDU7WLFg/CQvkzUGxTD3F8o7NgRIaP+VqZDqaztql+Lc prXQ==
X-Gm-Message-State: AOAM531zBFr7LFh+AHAUxt3CUG47RnlK3CjgXH+mIDX9IiBivHjMGJOD uDd78tWPaHoLRRAydUD7NnB6mo1rPkw=
X-Google-Smtp-Source: ABdhPJyQ5VxySQ3fSDGBCR9/o3KL3PwPtRyiEeIt1LgdhCFT2qsZrQws2U6qKRlryaV9yfwTj/PX7A==
X-Received: by 2002:a17:902:854c:b029:e3:1a18:6fa with SMTP id d12-20020a170902854cb02900e31a1806famr16933952plo.70.1613428997609; Mon, 15 Feb 2021 14:43:17 -0800 (PST)
Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com. [209.85.216.46]) by smtp.gmail.com with ESMTPSA id s1sm18746017pfe.151.2021.02.15.14.43.17 for <spasm@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 15 Feb 2021 14:43:17 -0800 (PST)
Received: by mail-pj1-f46.google.com with SMTP id q72so4533045pjq.2 for <spasm@ietf.org>; Mon, 15 Feb 2021 14:43:17 -0800 (PST)
X-Received: by 2002:a17:90a:ee8a:: with SMTP id i10mr969621pjz.103.1613428997283; Mon, 15 Feb 2021 14:43:17 -0800 (PST)
MIME-Version: 1.0
References: <CAFTXyYAD00RPhokSAWmyVom=yGCeSBwfzk4moXbvtJ_GdBvOHQ@mail.gmail.com>
In-Reply-To: <CAFTXyYAD00RPhokSAWmyVom=yGCeSBwfzk4moXbvtJ_GdBvOHQ@mail.gmail.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Mon, 15 Feb 2021 17:25:36 -0500
X-Gmail-Original-Message-ID: <CAErg=HFVqTNjKbNHQ4kD3UWY9pBmYsHa=qokgKLdoHKAF6bSEw@mail.gmail.com>
Message-ID: <CAErg=HFVqTNjKbNHQ4kD3UWY9pBmYsHa=qokgKLdoHKAF6bSEw@mail.gmail.com>
To: Tadahiko Ito <tadahiko.ito.public@gmail.com>
Cc: SPASM <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000040e68405bb67b6e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GWLzSFPfWzFFWgcRhe-lcnWTKEY>
Subject: Re: [lamps] Proposed recharter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2021 22:43:35 -0000
On Mon, Feb 15, 2021 at 2:41 PM Tadahiko Ito <tadahiko.ito.public@gmail.com> wrote: > Hi Ryan > > As far as can I see, RFC5280 is based on the directory system which seems > to be a general and ideal concept. As a result, 5280 seems to have become a > general and ideal "profile" for certificates. Since 5280 is general and > ideal (and too heavy), the actual implementations of PKI became a subset of > RFC5280. > > I'm wondering if we can create some sort of a new Best Practice document > which assumes more specific use cases (e.g. webPKI, PKI with trust list and > without bridge, etc.) while making RFC5280 as an IS, which would fill in > the gaps. > > (I am not sure if other forks will agree on such a document but ) doesn't > it solve your concern? > I think, in the context of an Internet Standard, that approach wouldn’t work unless we had sub-profiles that exercised all the bits that the (other) sub-profiles excised. Otherwise, we’re still leaving unimplemented dead weight in. Don’t get me wrong, I think there is potential value in working to reflect the rough consensus and running code, given the now three decades of X.509 experience, but my concern was and remains that the proposed charter language doesn’t provide any guidance or prioritization on how to resolve the questions necessary to advance to an Internet Standard, which we know have been contentious and uninteroperbale. We can: A) accept it as-is, but lack an objective or reliable way to resolve these disputes that (to this day) are unresolved among different communities B) Try to find agreement on narrowing the community in the charter, such that we have a rubric to evaluate options against C) Attempt to progress to an Internet Standard, but not actually define the interoperable profile that is robust and reliable. Instead, the goal is to rather document the building blocks and semantics that communities are expect to further profile down, including forbidding such features. The distinction between A and C is largely that A attempts to exclude to “a sensible, implemented set”, while C accepts all as valid for purposes of documentation. I don’t have strong opinions on these - they’re all a lot of work. And I am certainly not trying to argue for an inherent superiority of Web PKI vs other PKIs. My observation was and is merely that the “one size fits all” attempt that 5280 captures/inherited from its ITU and IETF spec forbears doesn’t really reflect the operational reality, in code or practice. Such dissonance means it would be a considerable work item to resolve, and we should figure out early, during chartering, where the preferred path of the WG is leaning to, so we can resolve concerns consistently and expeditiously.
- [lamps] Proposed re-charter text for hybrid and d… Mike Ounsworth
- Re: [lamps] Proposed re-charter text for hybrid a… Sean Turner
- Re: [lamps] [EXTERNAL] Re: Proposed re-charter te… Mike Ounsworth
- Re: [lamps] Proposed re-charter text for hybrid a… Russ Housley
- Re: [lamps] Proposed re-charter text for hybrid a… Michael Richardson
- Re: [lamps] Proposed re-charter text for hybrid a… Michael Jenkins
- Re: [lamps] Proposed re-charter text for hybrid a… Michael Richardson
- Re: [lamps] Proposed re-charter text for hybrid a… Russ Housley
- [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Salz, Rich
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Salz, Rich
- Re: [lamps] Proposed recharter text Ryan Sleevi
- Re: [lamps] Proposed recharter text Salz, Rich
- Re: [lamps] Proposed recharter text Brockhaus, Hendrik
- Re: [lamps] Proposed recharter text Ryan Sleevi
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Ryan Sleevi
- Re: [lamps] Proposed recharter text Michael Richardson
- Re: [lamps] Proposed recharter text Michael Richardson
- Re: [lamps] Proposed recharter text Tadahiko Ito
- Re: [lamps] Proposed recharter text Ryan Sleevi
- Re: [lamps] Proposed recharter text Michael Richardson
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] [EXTERNAL] Proposed recharter text Mike Ounsworth
- Re: [lamps] [EXTERNAL] Proposed recharter text Russ Housley
- Re: [lamps] [EXTERNAL] Proposed recharter text Mike Ounsworth
- Re: [lamps] Proposed recharter text Panos Kampanakis (pkampana)
- Re: [lamps] [EXTERNAL] Proposed recharter text Brockhaus, Hendrik
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Panos Kampanakis (pkampana)
- Re: [lamps] Proposed recharter text Mike Ounsworth
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Russ Housley
- Re: [lamps] Proposed recharter text Roman Danyliw
- Re: [lamps] Proposed recharter text Mike Ounsworth
- Re: [lamps] Proposed recharter text Roman Danyliw
- Re: [lamps] Proposed recharter text Mike Ounsworth
- Re: [lamps] Proposed recharter text Salz, Rich
- Re: [lamps] Proposed recharter text Benjamin Kaduk
- Re: [lamps] Proposed recharter text Michael Richardson
- Re: [lamps] Proposed recharter text Roman Danyliw
- Re: [lamps] Proposed recharter text Mike Ounsworth
- Re: [lamps] Proposed recharter text Roman Danyliw