Re: [lamps] Call for adoption of draft-housley-hash-of-root-key-cert-extn

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 31 August 2018 09:14 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BAB1C130DCA for <spasm@ietfa.amsl.com>; Fri, 31 Aug 2018 02:14:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UfcSio9cqlTi for <spasm@ietfa.amsl.com>; Fri, 31 Aug 2018 02:14:17 -0700 (PDT)
Received: from mail1.bemta23.messagelabs.com (mail1.bemta23.messagelabs.com [67.219.246.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B130130DC3 for <spasm@ietf.org>; Fri, 31 Aug 2018 02:14:17 -0700 (PDT)
Received: from [67.219.246.100] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-4.bemta.az-b.us-east-1.aws.symcld.net id 03/FB-11190-8E6098B5; Fri, 31 Aug 2018 09:14:16 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTfUwTZxzHeXp3vROoOQqO3xqqoU4T2a62GIt Tk2qixJeQ+M+ShYrbYY9eYymkd0T0D3XTKBZfgICxRcAXNIGQ+YbO4HgZk3VDBipBIpDNTjRS QthikLEssl6fU7d/nnzy/f5enzwPQ+gP0wZGKJUFn5f3mLTx5ID5UhL3UnvcYTk7SK6pf7x7A 9rS2Din2YFyKbc3v6j0S0q8cm8UFR/jS6eGCw6hQYcfxTMke4KAgReDtB8tYPRshQaOjPKKoW efIqgbekIphpa1wOP2kEbhFDYbRuYaCIWT2W1Q2dROYH07XAwOU5gz4VnLfEwn2WUQ6DtJKqx j86Dv9y4SN8uDuxfPRZlhFrC7YDaSo8iI/QBme1tirQg2FUbGG2IMbAqEH97XYl4EE8/eUDh+ J9S96lb1dOgcq1TjjfCooRwpuwDbSUN37ahqWCHU1Elg4wkFjQN3SGzkwMuySRobNQg6xr5Xy 2ZAeCJEYfZAa+NNGvNO+PGbkJq8GJpPhkmcfIuA9sCUmpAG/r9mEV7ZCdXNyqxKUAUB12+XEx UoI/ifXTGfR9BTezAYu7Ik+DkwTmI9F/oH/6Axc9DW0UVgXgLfTp1T+RM4+tt9lT+GKxcmo0x HeT20OrGaDtXlYbWKDY72/6k9jxKakS3f53aJciHv9nBWi4WzWjO5TM66ymbm93P55hKJE3hJ 5qxmfq9klvYV7vY4zV5BvoGiz89ZrCm7gy77Xd3oQ0ZjWqSb3FDm0C/ML3LuE3lJ/MJX4hGkb pTGMCbQsdRxhz7JJ7iE0gK3J/qG39rAJJpSdAbF1knFfKHkdmGrF9mZ/qaqKoK592t19HwQO/ +Zrqki9KS3yCsYUnU9ShqrpIkl3ndF3/6NR8hoSNahuLg4fWKx4Ct0y//3IyiVQaZk3Q9KlUS 3V37XOxIdSxMdixwqU8aS+feW4RC6kZm3Slw+t6w1oX5XbnjFp8HwgZzxjWeuOiLlz7MsD6a3 /UQHvl5an3XNZ/M+pY9slpu3Zs/sETeuXj621WA8MWKPzLyesNXLn7vEtPi6vk2hy9Mfhaiup MDfQ21frTGemgzv8PfaV352NWBfax8/vaflxXpiXe21+V++mw0Gho2dJlISeWsG4ZP4fwGrjr nzFgQAAA==
X-Env-Sender: tim.hollebeek@digicert.com
X-Msg-Ref: server-27.tower-384.messagelabs.com!1535706855!3452982!1
X-Originating-IP: [207.46.163.17]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received:
X-StarScan-Version: 9.9.15; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 30827 invoked from network); 31 Aug 2018 09:14:15 -0000
Received: from mail-dm3nam03lp0017.outbound.protection.outlook.com (HELO NAM03-DM3-obe.outbound.protection.outlook.com) (207.46.163.17) by server-27.tower-384.messagelabs.com with AES256-SHA256 encrypted SMTP; 31 Aug 2018 09:14:15 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mBR55EuOA7qIP5hIWDiSr+BbsedmzP0vK2lIAMGPbpg=; b=M5FG8CpqL1d/Oul2T0Ny1AXO3zxvIX0Im7xX2usQnRtyhtOHw+6ek8ixlenmX2kg8jVj55dvdrL+/3GcW7wLqYFp67qmGNSi0tV/LPfpd5Br/j1vZtmj6Rry/yyWToukgqvX5pox0teuQ5eqcaaqRgZfN1zArXC8TbNp7CNnqlo=
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.173.161.15) by BN6PR14MB1124.namprd14.prod.outlook.com (10.173.161.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1080.17; Fri, 31 Aug 2018 09:14:14 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::b48d:a35d:7a5e:abf9]) by BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::b48d:a35d:7a5e:abf9%11]) with mapi id 15.20.1101.016; Fri, 31 Aug 2018 09:14:13 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>, SPASM <spasm@ietf.org>
Thread-Topic: Call for adoption of draft-housley-hash-of-root-key-cert-extn
Thread-Index: AdQbjCs/bb7j0+7hQhSyHSg1NP059Qlfp6Gw
Date: Fri, 31 Aug 2018 09:14:13 +0000
Message-ID: <BN6PR14MB11064D24DEF23E75E9740EE0830F0@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <BN6PR14MB11060B85F15AE1454EE5FFAC835F0@BN6PR14MB1106.namprd14.prod.outlook.com>
In-Reply-To: <BN6PR14MB11060B85F15AE1454EE5FFAC835F0@BN6PR14MB1106.namprd14.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [185.81.136.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR14MB1124; 6:PAzzSsoOd9Iz1N0Nw5uifypw3qHw+GsX734+3WChGsOu1Q6adYsNRM+O6QkH/PsYgY9qoNA/GKPuZ1Bue3yg43DPGAnIK7S4ar539hcvWzJVLeu89fMg/fjU7qKnUBzorPP6p//ginH42ZkWAIMshqMFxwBYe/A7/qNGzeEUKfgvagKn6C9sVfVk05V5+wAwYgJhlcydSiWGU0CXlVdA+VDOV2FgwPToq49WLHHzTg1CVkjv9S64omTEL4uygwVusAqvv5KdGPI3h6s181ghUATgkwnXcsoDoW4FiTKJdesTPicJZ7qm9xeW1hDU8DfpFJh2nqkzxd5P/RN4FIqHxEmV03C/2HIgzgCtb04VUOrrkheaoTBva4ESYLtb/OdVZg0Dfh9c23rGdfwb3qHG1EtfVIG7yyPx0l1jUSqpjVWW67eSUSzNr5vRKGUfeBVHEJESVzupq/W9kZZw53uTYA==; 5:KUs/x4X30L+t6WZKskcTEFbUqMmUBX2Ke+SXX4IA/51c7K66JOZ6+b/kptfKEsKGcvyby4ePxpwbx2zjLTR2oIBxWA4yqI3wf8MKXrnVLIv7Aq4jXQwibcTdt29+wa+Q7yTVw6d72Ekf1gGmMd9yv3CKPZ67nnAunJ+0qEXzPEQ=; 7:KvXbkLfGqG2zuBJzMKB1GpgOYqvxVql+1Gl2psw45moJdrcIHz1N8qvNwCndy3Xj0WT8r87rLKYQXOXsY4rEStUIV7cqXoxdC0WpU6SoahCwpH0HkkIlLGfjf9j5nrB18aLh6Y5thG1RvAywShvhUUTZdsjpTwzzJ2NauFTXYwMe0DfWXMIF+yL8EiiYdMt/hIZ70AOmJV/WYuqUGMKrtg2IG3uGgWPQjJpSlQK0xVa+cgXekXdBJAhbv1C2l+NP
x-ms-exchange-antispam-srfa-diagnostics: SOS;SOR;
x-forefront-antispam-report: SFV:SKI; SCL:-1; SFV:NSPM; SFS:(10019020)(136003)(346002)(39860400002)(376002)(396003)(366004)(189003)(199004)(476003)(3846002)(86362001)(486006)(44832011)(6246003)(33656002)(105586002)(99936001)(26005)(256004)(66066001)(8936002)(102836004)(790700001)(6116002)(446003)(11346002)(5250100002)(25786009)(68736007)(6506007)(53546011)(9686003)(54896002)(99286004)(6306002)(55016002)(53936002)(76176011)(7696005)(81166006)(7736002)(229853002)(6436002)(14454004)(2906002)(81156014)(2900100001)(74316002)(106356001)(316002)(5660300001)(97736004)(110136005)(8676002)(478600001); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR14MB1124; H:BN6PR14MB1106.namprd14.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-office365-filtering-correlation-id: 1f8aa27a-98ac-4b52-52f0-08d60f221ec5
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(5600074)(711020)(2017052603328)(7153060)(49563074)(7193020); SRVR:BN6PR14MB1124;
x-ms-traffictypediagnostic: BN6PR14MB1124:
x-microsoft-antispam-prvs: <BN6PR14MB11248044C58BB56A8E5989FD830F0@BN6PR14MB1124.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(100405760836317)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040522)(2401047)(8121501046)(5005006)(3231311)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(149027)(150027)(6041310)(20161123558120)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(201708071742011)(7699016); SRVR:BN6PR14MB1124; BCL:0; PCL:0; RULEID:; SRVR:BN6PR14MB1124;
x-forefront-prvs: 07817FCC2D
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: +Wnesw1sd3LOt0xLpp830NJfoJoKMx2imTsetx1WpoG28EwDG2ckOEL6Y38QxeJrFUO2bjUBFtN32UqcP/WHg97WnS5Gxn4gvoA/INQziLUZBcWN74gzG2drp7oit1Z/DVwyo+gsyjxkqnmhZNINGe2q3Debffgw34JaxxxzRaSwiyGx/MisUycVQi+hJpFOnH0M5Zc4rcWJAQ03AWJYFdNhz3Zf3Isr7xF9bo3TbRxfOX5hgksfm7l9tAGfq+GzQFrNSMNgWSiJrsiBKSHQuE7AtrtSjV5IXSZOMirigJ+uLJQyCNcTR0ASQuwy8lf9kbt1wzSU2ANX9+6jAUMbUvzboElq1bUi1pEmhDJiw8M=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_04E5_01D4411B.BA175240"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1f8aa27a-98ac-4b52-52f0-08d60f221ec5
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2018 09:14:13.7145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1124
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qQNt5okyRkRYKJ6TuEbDyDo0wwQ>
Subject: Re: [lamps] Call for adoption of draft-housley-hash-of-root-key-cert-extn
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 09:14:20 -0000

Apologies for the fact that the summer holidays caused this discussion to
last longer than was intended; the consensus on the list appears to support
adoption of this draft as the starting point for this work.

 

-Tim

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Saturday, July 14, 2018 6:04 PM
To: SPASM <spasm@ietf.org>
Subject: [lamps] Call for adoption of
draft-housley-hash-of-root-key-cert-extn

 

The recently approved LAMPS WG Charter adds this work item:

 

6. Specifies a certificate extension that is carried in a self-signed
certificate for a trust anchor, which is often called a Root Certification
Authority (CA) certificate, to identify the next public key that will be
used by the trust anchor.

 

It has been suggested that the WG adopt
draft-housley-hash-of-root-key-cert-extn as the starting point for this
work.  Since Russ Housley is the author of this draft, Tim Hollebeek will
judge consensus for this discussion.  Please voice your support or concerns
on the list.