Re: [lamps] WG Last Call for rfc6844bis

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 12 October 2018 21:16 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Date: Fri, 12 Oct 2018 21:16:13 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/v5nIhLOB1eHR6VRM9r-5C4ZSAu0>

Your characterization of what the Forum “wants” is at odds with previous discussions in London, where working with IANA was explicitly called out as a goal.

It also is at odds with the unanimous consensus on the last validation call, where everyone agreed that working together with IETF on this was desirable.

-Tim

 

From: Ryan Sleevi <ryan-ietf@sleevi.com>
Sent: Thursday, October 11, 2018 7:13 PM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Russ Housley <housley@vigilsec.com>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] WG Last Call for rfc6844bis

On Fri, Oct 12, 2018 at 4:25 AM Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

LAMPS chair hat off; CABF Validation Subcommittee (formerly, Validation
Working Group) hat on.

Recently at the CA/Browser Forum, allowing customers to use CAA to limit
the validation methods that can be used for a domain has been identified
as one of the Forum's highest priorities.  I started a thread on the idea
back in December:

https://mailarchive.ietf.org/arch/msg/spasm/Jse-FslACq3wair2B2_YSwpViNs

While CAs can potentially unilaterally implement this on their own outside 
the Forum with parameters (as in the acme-caa draft), uniformity throughout 
the industry would be desirable.  The Forum also has the ability to mandate 
implementation by a specific date.

This was discussed on this morning's Validation Subcommittee call, and it
was suggested we ask the group if there is interest in including this in RFC
6844-bis, or whether it would be preferable to handle it as a separate
draft.

 

Handle it as a separate draft, and recharter the WG if there is consensus to adopt draft text. The charter we have does not include that effort, and there are more ways to botch it than to get it right. It’s an extension, in theory, so let it be defined as such in a separate document.

 

Personally, I believe such an extension would be better spec’d as Informational (thus, at odds with 6844-bis, which is Standards Track), because what the Forum “wants” is an extension whose namespace is defined and maintained by the CA/Browser Forum, not the IETF or IANA, and not designed to interoperate with other PKIs that use CPs other than the Baseline Requirements. If members of the Forum want Lamps to adopt such work, they should first work through what it is they want before asking Lamps to recharter to consider their industry-specific use case.

 

So no, don’t add a rechartering discussion for WGLC just because some folks had an extension they want to figure out.

 


-Tim

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Thursday, October 11, 2018 2:01 PM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] WG Last Call for rfc6844bis
> 
> This is the LAMPS WG Last Call for "DNS Certification Authority Authorization
> (CAA) Resource Record" <draft-ietf-lamps-rfc6844bis-01>.
> 
> Please review the document and send your comments to the list by 22
> October 2018.
> 
> If no concerns are raised, the document will be forwarded to the IESG with a
> request for publication as Proposed Standard.
> 
> Russ & Tim