Re: [lamps] Call for adoption for draft-ito-documentsigning-eku
Deb Cooley <debcooley1@gmail.com> Wed, 28 July 2021 18:53 UTC
From: Deb Cooley <debcooley1@gmail.com>
Date: Wed, 28 Jul 2021 14:52:57 -0400
To: Ryan Sleevi <ryan-ietf@sleevi.com>
Cc: LAMPS WG <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ParE-NJ2NNzd76EZci9iB9R6c5s>

Just to push on this a little more (apologies). What do you believe is the correct path forward? Abuse of the code signing EKU is worrying.

I'm with you on the 'there are a billion different issues' which interfere w/ interoperability - algorithm suites, policy oids, KUs, EKUs, and lastly the trust stores themselves. Do we pitch it all out? start over? Is there a better way?

I also struggle with 'if RPs don't parse certificate policies', then why do we bother. I usually get slapped by one of the authors of 5280 (I'll let you guess which one) and one of my coworkers who understands why we have these things. KUs, EKUs fall into that same bucket, for me, at least. It is pretty much a constant struggle in my own mind - prolly more than you needed to know about me.

Deb Cooley
decoole@nsa.gov

On Wed, Jul 28, 2021 at 12:11 PM Ryan Sleevi <ryan-ietf@sleevi.com> wrote:

> On Wed, Jul 28, 2021 at 11:01 AM Ryan Sleevi <ryan-ietf@sleevi.com> wrote:
>
>> [5]
>> https://mailarchive.ietf.org/arch/msg/pkix/c8aIik0B_7WOaBdGuiURrkvE_h0/
>
> Sorry, bad paste buffer - this should have been the parent message,
> https://mailarchive.ietf.org/arch/msg/pkix/tpTT2hAxqylJh56bTtY9hD1W6yk/ ,
> which captures this past discussion about "EKU for industry" vs "EKU for
> protocol"