Re: [lamps] Including 3GPP NF Type in HTTPS certificates

Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com> Fri, 24 June 2022 08:42 UTC

From: Tomas Gustavsson <Tomas.Gustavsson@keyfactor.com>
To: Daniel Migault <mglt.ietf@gmail.com>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/E_9lE4v6qYwhcw5CJKZ-TdckNVQ>

Yes, a certificate extension. Easy, non-ambiguous, I support that.

Regards,
Tomas

________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Daniel Migault <mglt.ietf@gmail.com>
Sent: Friday, June 24, 2022 4:16:39 AM
To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Cc: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Including 3GPP NF Type in HTTPS certificates

I obviously support adoption and also have a question for the WG.

As the nf type is used for role access base, I am wondering if the issuer of the certificate should proceed to some specific verification. If so, I am also wondering if you have any thoughts on how such verification could be automated, to later use something like ACME for example.

Yours,
Daniel

On Thu, Jun 23, 2022 at 12:52 PM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:

  *   https://datatracker.ietf.org/doc/draft-housley-lamps-3g-nftypes/

  *   It is very straightforward.

You left out short :)

I support adoption.


--
Daniel Migault
Ericsson