Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

"Salz, Rich" <rsalz@akamai.com> Fri, 30 July 2021 14:37 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS WG <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption for draft-ito-documentsigning-eku
Thread-Index: AQHXgmt3G2TaIETlvU65cfqCSYBmpKtZOdeAgAJy8oA=
Date: Fri, 30 Jul 2021 14:37:33 +0000
Message-ID: <E1B3DCF1-DE9C-4FD9-AD2C-F86D5B0C374A@akamai.com>
References: <CD589623-52EE-4958-80AB-73F0CFB3A36E@vigilsec.com> <19561F5C-1EED-4D7E-81EB-210A2B47556C@vigilsec.com>
In-Reply-To: <19561F5C-1EED-4D7E-81EB-210A2B47556C@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Sv4goejsYU686E8ye_nC-kgtSjo>

This is tougher than I thought. Ryan has more in-the-trenches experience with these things than most, and perhaps more than most of us combined. On the other hand, defining an EKU is pretty small potatoes, and there's likely not to be much cost to the s/w stacks because they already have to make the cert, ku, eku available to the application anyway. On the third hand, the idea of CABforum starting to address email worries me -- will membership open up to allow email app providers? I guess that's really not our concern.

So I support changing the charter and adopting this.