[Spasm] Raw minutes from LAMPS meeting
Yoav Nir <ynir.ietf@gmail.com> Fri, 22 July 2016 11:03 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A72F12DC6D for <spasm@ietfa.amsl.com>; Fri, 22 Jul 2016 04:03:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-Q9YOihWQte for <spasm@ietfa.amsl.com>; Fri, 22 Jul 2016 04:03:32 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A62312B030 for <spasm@ietf.org>; Fri, 22 Jul 2016 04:03:31 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id f65so53016194wmi.0 for <spasm@ietf.org>; Fri, 22 Jul 2016 04:03:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:subject:date:message-id:cc:to:mime-version; bh=yyfY1sOlWTYewhaMBURYfxZs+05UdxR4VclNCIGSyZU=; b=xph2XqtPlhNhfoSmHk8YrojHixcb4lbPYMcJltMrGBypJbNe3FUsJY7mAzmJXJGrPv /IZMkjQDprV878eL1DdX+FhtJPNiPLNlitQopIb+WLugHGxbKSHl2UJ16KWk+X4gmMoo hmPfkr6et7EwH7vNa+gSN0VWinUNn6NYWS3iiIzWJ2McNKRRfMWrWZPuU5fedWAuxamx H3uOR8Cvqc7+/+noKKzDzRATFuKQwDIovLDyOBlohgH1eSp1pf7hGeGVDos/CNMAt3RT 9ewq8rONEAv0h3afqGycdx2npZ/E59VTmRwWOd4SoXN/Rlr+EIZTBCsZm6ZDcYbWd/Z6 bIqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:date:message-id:cc:to:mime-version; bh=yyfY1sOlWTYewhaMBURYfxZs+05UdxR4VclNCIGSyZU=; b=caTWNqhJmZlrtEsZ6/nFxcBuwKBXKuxWfOFFteCD86XTTXJ6Rq5+GaA/LYwfaNUvSY N9sALl/tmR1rC6obWYIbAZDfzbyAB/mV8+E6KOA6U5xOYWzKqzJyy+9MSuM5dH87PJMY jSDj3dIT63BmyAzitZcaD4BjffHCI/o3xH3zbzoj/mWFF9Ule0VkuOg2371HIY6AdnKV a4TgF6n/s/MF1t3PpTGXXK69m11kP9ftWoKgLctv5RaL2YEXraVR1XxGJw7AkiM6YFKY ZmhXIEboSTBXduw1G0qTwq7kGWGBgvIXuICgOQzlkRIuku+VB3BiRE3jcw/S9t5waQOH S5+A==
X-Gm-Message-State: AEkoouvbFZiBL1en+HPDCr1G4yCb3GQe2QnFM6eaRJf03ocSxAt8rHQYSJUZ05NZCO7DzA==
X-Received: by 10.194.113.9 with SMTP id iu9mr389866wjb.118.1469185409567; Fri, 22 Jul 2016 04:03:29 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:176:88f6:1233:79b:47a0? ([2001:67c:370:176:88f6:1233:79b:47a0]) by smtp.gmail.com with ESMTPSA id n131sm8962824wmd.3.2016.07.22.04.03.28 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 22 Jul 2016 04:03:28 -0700 (PDT)
From: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6E0E0DAE-E7CF-4E53-AF1F-8504ECA59D81"
Date: Fri, 22 Jul 2016 13:03:27 +0200
Message-Id: <5B4007EA-85A7-4273-A701-8C153BE72A33@gmail.com>
To: Russ Housley <housley@vigilsec.com>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XHt9MMSwZSQUFT8qVp_P_MEASlE>
Cc: spasm@ietf.org
Subject: [Spasm] Raw minutes from LAMPS meeting
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2016 11:03:35 -0000
LAMPS Meeting - IETF 96 Charlottenburg I room Friday, 12:20 - 13:20 Agenda: LAMPS WG Agenda 0) Minute Taker, Jabber Scribe, Bluesheets Began 12:21. Rsalz is the jabber scribe. Yoav taking minutes. Seen the Note Well; blue sheets going around. 1) Agenda Bash (12:24) - looking at the agenda. No bash 2) Status and open issues for draft-schaad-rfc5751-bis (Jim) Extension to use AEAD algorithms in RFC 5751 (Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification) Added AES-GCM as MUST; pulled in errata Which version of S/Mime? 3.5 for now. Are example real? Change title or make them real examples. Erratum from Peter Gutmann. ASN.1 bytes don't parse. ASN.1 version of the module? Jim thinks we should leave things alone. Sean Leonard: we are updating the table constraints/information object classes. Therefore, the new ASN.1 module (2002+) should be updated (at some point). However I think it's okay for this S/MIMEbis document to list the 88 syntax normatively. Additional security considerations Algorithm requirements Update section 2.7 advice on algorithm selection Don't use level of encryption that is too low. Header protection? Probably not here. Look at the new email address attribute in certificates Jim will take these issues one by one to the list. Any other issues? Stephen Farrell: We should only do changes that implementations are likely to follow; not just stuff we like. Jim agrees (and has ideas that are not realistic) Sean Leonard: eai topic: I think we should update S/MIME to discuss eai stuff. ALSO, should update S/MIME to talk about how the inner MIME content (which is binary clean) has [ought to have] UTF-8 headers, consistent with EAI. Question is, should there be smimeCapability OID for eai (UTF-8 headers)? think about it... Jim: 822 headers need UTF-8 headers Alexey: yes, but message-global not rfc822, but you can still construct Russ: so you're saying that by changing message-rfc822 to message-global we'll get it for free Alexey: Uhhm, maybe 3) Status and open issues for draft-melnikov-spasm-eai-addresses (Alexey and Wei) https://tools.ietf.org/html/draft-melnikov-spasm-eai-addresses <https://tools.ietf.org/html/draft-melnikov-spasm-eai-addresses> (12:37) Wei presenting OtherName vs GeneralName smtputf8Name name constraint intentionally excludes similar types Updates will take time: OpenSSL in a year. Have not talked yet with CAs. Tero: security issues with having too many forms? Russ: all forms bound to key. Tero: our identifier is email address (IPsec for example). The form is not specified. Russ: that goes in the certs document that needs updating Jim: Need to talk to people creating certificates Sean Leonard: just an observation. It is strange that X.509 (ITU-T committee) provides *two* extension points for extending GeneralName. Historically, otherName (with an open type / table constraint based on OID) is the older one, therefore more likely to be widely deployed. otherName is also more compatible with ASN.1-88 syntax, compared to "ellipsis". 4) Open issues for draft-ietf-curdle-pkix (Simon or Jim) https://tools.ietf.org/html/draft-ietf-curdle-pkix <https://tools.ietf.org/html/draft-ietf-curdle-pkix> (12:47) Jim presenting David Benjamin's proposal: 3 OIDs per curve: ECDH (25519 & 448); EdDSA (no PH); EdDSAph Sean Turner: As an author of RFC5480, I'm a-okay with DavidBen's proposal. I never really liked the SECG stuff that got adopted in PKIX/SMIME ... Sean Leonard: so you're saying OneAsymmetricKey.privateKey (OCTET STRING) contains ECPrivateKey ...that's the proposal, right? Jim: No! Sean Turner: So..... that came from OpenSSL I was just reflecting what appeared to be reality *** A hum to recommend David Benjamin's proposal was unanimously yes. 5) WG document adoption Do we want to adopt Jim's draft on the message spec: draft-schaad-rfc5751-bis *** Unanimously yes (also on Jabber) Do we want to adopy Wei's draft on internationalized email addresses: draft-melnikov-spasm-eai-addresses *** Unanimously yes 6) Wrap Up (13:02) wrapped up