Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Tadahiko Ito <tadahiko.ito.public@gmail.com> Tue, 17 January 2023 08:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VBeKpv85TG2Vi87wf6LRH87pvqo>

I support adoption.

I may have misunderstood, but this protocol allows a PQ cert to be bonded
to an already issued classical cert.

Even if the PQ cert happens to be weak sometime after issuance, we can
continue to use the classical cert during revocation of that PQ cert and
issuance of another PQ cert (unlike a composite cert), and reduce the
operational spike.

I believe that kind of operation would help operators of large-scale systems.

Regards,
Tadahiko Ito

On Fri, 6 Jan 2023 at 8:01, Russ Housley <housley@vigilsec.com> wrote:

> Do the changes that were made in -02 of the Internet-Draft resolve the
> concerns that were previously raised?
>
> On behalf of the LAMPS WG Chairs,
> Russ
>
>
> > On Sep 15, 2022, at 11:44 AM, Russ Housley <housley@vigilsec.com> wrote:
> >
> > There has been some discussion of
> > https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/.
> > During the discussion at IETF 114, we agreed to have a call for adoption of
> > this document.
> >
> > Should the LAMPS WG adopt “Related Certificates for Use in Multiple
> > Authentications within a Protocol”
> > in draft-becker-guthrie-cert-binding-for-multi-auth-01?
> >
> > Please reply to this message by Friday, 30 September 2022 to voice your
> > support or opposition to adoption.
> >
> > On behalf of the LAMPS WG Chairs,
> > Russ
> >