Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 17 April 2024 20:43 UTC

Message-ID: <e2cb21e4-9eb2-453d-8785-ef2e8bcdf66b@cs.tcd.ie>
Date: Wed, 17 Apr 2024 21:43:39 +0100
User-Agent: Mozilla Thunderbird
To: Rohan Mahy <rohan.mahy@gmail.com>
Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>, Michael StJohns <msj@nthpermutation.com>, "spasm@ietf.org" <spasm@ietf.org>
References: <171320513468.22285.6899802433610546466@ietfa.amsl.com> <B508131E-0554-471F-94FD-4AA2A0A95346@vigilsec.com> <CAKoiRuYCSwdzwKwSXdyLCNm5Z3DzzzLZzSyDO7DGWHTSeUj-fA@mail.gmail.com> <2E8965D1-F0D8-4947-8A6B-19B822EEFA4C@vigilsec.com> <CH0PR11MB5739FF2B9A378DF7ADFF24E69F082@CH0PR11MB5739.namprd11.prod.outlook.com> <CAKoiRuY5Caq_61+99RQiaRkeKUAou=fiLj+HadajzhwhLKOdAA@mail.gmail.com> <CH0PR11MB5739A5999D59A046D056812C9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5739690323861CECECA630AF9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com> <0f7f609b-9283-4f59-bb32-375827d3e7a6@nthpermutation.com> <SN7PR14MB64927E6AB1914083C485E0EA830F2@SN7PR14MB6492.namprd14.prod.outlook.com> <CAKoiRuZeuDOG+Hm97mE2jwJ7w4gXjyvpTj7o3nOykQuufRDv_Q@mail.gmail.com> <f8d86a07-6008-4e8a-991a-ac879200b4cc@cs.tcd.ie> <CAKoiRubx4uQ_=USr2DXOHx6LYj9HsX9fNg7xxqF_b8WXexVEcQ@mail.gmail.com> <68fb3e14-701a-4bdf-a493-15038d4b8675@cs.tcd.ie> <CAKoiRuYwVcDpgJLZ8_4fmLAPNcrmikwNvQghgt3-sSwDBYY-Ow@mail.gmail.com>
Content-Language: en-US
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CAKoiRuYwVcDpgJLZ8_4fmLAPNcrmikwNvQghgt3-sSwDBYY-Ow@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KNEdPJonN1Et5s0r_PQSvXEwHS8>
Subject: Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Hiya,

On 17/04/2024 21:35, Rohan Mahy wrote:
> That's not what I expected. Could you elaborate a bit more on why that
> would make self-hosting harder please?

If it requires slow-to-change public CAs to do stuff then that'd
(maybe) make it more likely those who can afford to pay-per-user
get what they need.

> I was motivated to write this because my experience was the opposite. The
> feedback that I got repeatedly was "if we are going to set up a private CA
> for IM user identities we need to make sure those certs won't be confused
> with/interpreted as regular TLS certs" and related variations.

I agree that this'd be neutral wrt self-hosting for home-grown CAs
for a single service. But it might also make it harder to federate
(or whatever ends up being needed for MIMI to enable alice and bob
on different services to verify one another).

Note that I'm not claiming this is a winning argument. I'd need to
think it through more myself to reach a conclusion, but not making
self-hosting harder is a concern - I'd prefer we make that easier.

Cheers,
S.