Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Santosh Chokhani <santosh.chokhani@gmail.com> Wed, 11 January 2023 18:28 UTC

From: Santosh Chokhani <santosh.chokhani@gmail.com>
To: 'LAMPS' <spasm@ietf.org>
Date: Wed, 11 Jan 2023 13:28:13 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GiAr6BMiS6tLtdSmy0SPuW-LhkI>

I am not a fan of what is being proposed, but I support adoption.

To answer Carl, I have heard from various folks in various WGs that names are NOT globally unique.  In light of that, having the extension is a good thing.

The proposal is a solution during the transition period.  

The reason I am lukewarm on it is that it brings two or more path developments and validations into play, as opposed to a single certificate (hybrid or composite).

-----Original Message-----
From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Tomofumi Okubo
Sent: Wednesday, January 11, 2023 12:52 PM
To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

I believe there are use cases for this model and I support the adoption of this draft.
Thanks and best regards,
Tomofumi

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, January 5, 2023 3:02 PM
To: LAMPS <spasm@ietf.org>
Subject: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Do the changes that were made in -02 of the Internet-Draft resolve the concerns that were previously raised?

On behalf of the LAMPS WG Chairs,
Russ


> On Sep 15, 2022, at 11:44 AM, Russ Housley <housley@vigilsec.com> wrote:
> 
> There has been some discussion of https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/.  During the discussion at IETF 114, we agreed to have a call for adoption of this document.
> 
> Should the LAMPS WG adopt “Related Certificates for Use in Multiple Authentications within a Protocol” in draft-becker-guthrie-cert-binding-for-multi-auth-01?
> 
> Please reply to this message by Friday, 30 September 2022 to voice your support or opposition to adoption.
> 
> On behalf of the LAMPS WG Chairs,
> Russ
> 

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm