Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Seo Suchan <tjtncks@gmail.com> Mon, 30 January 2023 18:46 UTC

Not sure how it can be used safely while staying backward compatible: if I want this to be backward compatible, this would be an extension on the classical cert that points to the PQ certificate; but if one is in a position to break the protocol, why would one trust this extension to point to anything reasonable? For example, an attacker can point to another RSA certificate they forged, or just strip this extension.

On 2023-01-06 8:01 AM, Russ Housley wrote:
> Do the changes that were made in -02 of the Internet-Draft resolve the concerns that were previously raised?
>
> On behalf of the LAMPS WG Chairs,
> Russ
>
>
>> On Sep 15, 2022, at 11:44 AM, Russ Housley <housley@vigilsec.com> wrote:
>>
>> There has been some discussion of https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/.  During the discussion at IETF 114, we agreed to have a call for adoption of this document.
>>
>> Should the LAMPS WG adopt “Related Certificates for Use in Multiple Authentications within a Protocol” in draft-becker-guthrie-cert-binding-for-multi-auth-01?
>>
>> Please reply to this message by Friday, 30 September 2022 to voice your support or opposition to adoption.
>>
>> On behalf of the LAMPS WG Chairs,
>> Russ
>>
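To make the two failure modes in the message above concrete (stripping the extension, and pointing it at a forged classical certificate), here is a constructed relying-party model; it is an added example, not code from the draft or from anyone on this thread. It assumes the relatedCertificate extension carries a hash of the related certificate and that signature verification of both certificates happens elsewhere; `Cert` and `validate` are toy names, not the draft's ASN.1.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Cert:
    """Toy certificate (constructed model, not the draft's ASN.1 structures)."""
    subject: str
    alg: str                            # "rsa" = classical, "pq" = post-quantum
    related_hash: Optional[str] = None  # modelled relatedCertificate extension

    def fingerprint(self) -> str:
        # Stands in for the hash of the DER-encoded certificate.
        return hashlib.sha256(f"{self.subject}|{self.alg}".encode()).hexdigest()


def validate(classical: Cert, related: Optional[Cert], require_binding: bool) -> Tuple[bool, str]:
    """Relying-party decision on a classical cert and its (optional) related cert.
    Assumes signature checks on both certificates already passed; this only models
    how the binding extension is interpreted under a lenient or strict policy."""
    if classical.related_hash is None:
        if require_binding:
            return False, "binding extension absent: reject (possible strip)"
        return True, "classical-only path accepted (legacy policy)"
    if related is None:
        return False, "extension present but related certificate not supplied"
    if classical.related_hash != related.fingerprint():
        return False, "extension hash does not match the supplied certificate"
    if related.alg != "pq":
        # The hash alone proves nothing: the referenced certificate must carry the
        # algorithm the policy demands and must be verified on its own.
        return False, "referenced certificate is not post-quantum"
    return True, "bound classical + PQ pair accepted"


# Constructed sample certificates for the three scenarios.
GOOD_PQ = Cert("CN=alice", "pq")
GOOD_CLASSICAL = Cert("CN=alice", "rsa", GOOD_PQ.fingerprint())
STRIPPED = Cert("CN=alice", "rsa")                       # extension removed in transit
FORGED_RSA = Cert("CN=alice (forged)", "rsa")            # attacker-made classical cert
FORGED_POINTER = Cert("CN=alice", "rsa", FORGED_RSA.fingerprint())

if __name__ == "__main__":
    for name, c, r in [("legit", GOOD_CLASSICAL, GOOD_PQ),
                       ("stripped", STRIPPED, None),
                       ("forged pointer", FORGED_POINTER, FORGED_RSA)]:
        for strict in (False, True):
            print(name, "strict" if strict else "lenient", validate(c, r, strict))
```

The lenient policy is the backward-compatible one, and it is exactly the one that accepts the stripped certificate; only a policy that requires the binding for this peer closes that path.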