[lamps] New drafts available - non-composite hybrid authentication, and binding certs
"aebecke@uwe.nsa.gov" <aebecke@uwe.nsa.gov> Tue, 22 March 2022 18:16 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IQ4KvIaGqK-4G1dQt0jSOgMkJdI>

Hi LAMPS,

Two new drafts related to PQ migration are available here (note - these drafts are an update to the talk we gave at IETF112 in November):

https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/
and
https://datatracker.ietf.org/doc/draft-becker-guthrie-noncomposite-hybrid-auth/

The noncomposite-hybrid-auth-00 draft is an informational draft that gives a general overview of hybrid authentication, and details the solution space of what we are calling non-composite type hybrid solutions for authentication.

The cert-binding-for-multi-auth-00 draft defines a new CSR attribute, bindingRequest, and a new X.509 certificate extension, BoundCertificates, which together provide additional assurance that multiple certificates (used in non-composite hybrid authentication) each belong to the same end entity.

Please feel free to provide any comments and feedback!

Regards,
Alie Becker
+ coauthors Rebecca Guthrie, Mike Jenkins

----
Alison Becker, PhD
Center for Cybersecurity Standards
National Security Agency