IETF Logo Mail Archive

Re: [lamps] Call for adoption for draft-dkg-lamps-samples

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 19 April 2021 20:23 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E4C53A428F for <spasm@ietfa.amsl.com>; Mon, 19 Apr 2021 13:23:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=ojXFDxot; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=Cuq7dZOl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JX6MffG6_O0A for <spasm@ietfa.amsl.com>; Mon, 19 Apr 2021 13:23:34 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 868CE3A428B for <spasm@ietf.org>; Mon, 19 Apr 2021 13:23:34 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1618863812; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=5iU/fyMwrD3MjfzgWW+EMDcgR7nZC5vHi4rDssawfFI=; b=ojXFDxotdAtFTLSEQmNr1u/GcS7lCsAvrkuha5jtgvL3DIatqq6moDxig5XCEjv7DqNCi QjFUXNypSaOKEH1DQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1618863812; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=5iU/fyMwrD3MjfzgWW+EMDcgR7nZC5vHi4rDssawfFI=; b=Cuq7dZOl7YBDTMG8Tl0pJ7mE2pGfdl6GxhOHOkZ9vBbQsUuGIW9xfjUFb2fRXIc4cbg7g S4GUhn1GuXwaFtdBmNOfeM2Xn0jrYierbXO6xGfFlWJpl3vB8xDDQgrqmGKKGZIinWcDVqi 4CKngNGLmUpmTa3s6wVmjNNxsetcjFYDm6QGvv/ruLMqbMsv0U814vK8kKnDdgFQAGwa/EZ lN8AgEGzmu0P9DRhAHlIvs4o1U1as5qJ9cmUW+vIUKKUfF3FkF7bzosqEfa0/jgypSHbaI2 CVU+PlQ63/WKw+jOlO4/ZvCmk5SMNqH5SOZheymMMLLozAklIRx2ubiUsjMA==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 93898F9A6; Mon, 19 Apr 2021 16:23:32 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7BF952050F; Mon, 19 Apr 2021 15:58:13 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
In-Reply-To: <F1531D47-B2AC-43BC-8EE2-897F2D9A0974@vigilsec.com>
References: <F1531D47-B2AC-43BC-8EE2-897F2D9A0974@vigilsec.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Mon, 19 Apr 2021 15:58:12 -0400
Message-ID: <87lf9e59nv.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NjFa_HJfreCGduMI4prQHh3xQco>
Subject: Re: [lamps] Call for adoption for draft-dkg-lamps-samples
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2021 20:23:40 -0000

On Wed 2021-04-14 17:29:11 -0400, Russ Housley wrote:
> Based on the advice from Roman during IETF 110, I do not think that a recharter is needed to adopt a document that contains a big pile of samples to help implementers.  The existing document is in support of work that is in the current charter, and it can be expanded if the IESG approves the re-charter text that has already been sent to them.
>
> Should the LAMPS WG adopt draft-dkg-lamps-samples as the starting point for this work?

I support adoption of these sample certificates by the WG.  I'm fine
continuing as editor if folks want it, with WG having formal change
control.  I welcome anyone else who wants to join me as editor, and I
also would not object if the WG were to select entirely different
editors.  I will contine to review and propose text and sample
certificates in any case.

I note that the document is framed specifically as positive examples --
things that we expect implementers to legitimately see in the wild, as
well as corresponding secret key material.  I expect these to be useful
in the creation of test vectors (as they already are for
draft-ietf-lamps-header-protection).

The document does *not* contain negative examples -- things that should
be broken, malformed, or potentially malicious.  I recommend that if the
WG adopts this draft, it keeps to this narrowly defined scope of
postitive examples only for the sake of simplicity and being able to
have a finite document production process.  Negative examples certainly
have an important place in engineering, but the scale and scope of all
conceivable negative examples in a problem space as complex as X.509 and
S/MIME is so unbounded that the document would be outrageously large.

(if someone was to curate a bestiary of broken X.509 certificates, that
would be great, but i don't think that should be this document)

       --dkg

v2.23.0 | Report a Bug | By Email