IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 17 April 2024 15:57 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D86A8C14F602 for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 08:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.983
X-Spam-Level:
X-Spam-Status: No, score=-1.983 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8qv-dDOGjISf for <spasm@ietfa.amsl.com>; Wed, 17 Apr 2024 08:57:54 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16964C14F5ED for <spasm@ietf.org>; Wed, 17 Apr 2024 08:57:53 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 43HAPK5Z016829; Wed, 17 Apr 2024 10:57:49 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=mail1; bh=j14FQgxOhD45aBf247L8hV60 bNiHY0CkhIbLAC69S3w=; b=OgBM9nNn1XDM92Y477QuzuZKT/EvaAiX36tiUeqw 74dJT9HjC321grtbVET5w4aKC/xZJnMRIvJ31sSiifUh7AlyRNJKAMcdjl4m8f3u RHWMWClVeunSiLJ4qDYxqw4Punl2GspwFt1kbMAtARa62Q7b2ZrVDR+Qi4AWzUc5 obZ+AXNQ/V2WZQmhVyD/oGIzkFM7kQx5HidoHPsEZaFDCLInWBxsdPWEGBlGnaEJ DtYgeuFH3IYJjrkvEL7hKYLyDUk/lYbwxxpZyLcbvTRUoMSeTQkVscTYr3v3RX9C nXQf3GpkHsUzp7v5PMd7JPM3Xv4i2/XqBGf6xr1+BbeZgw==
Received: from nam10-mw2-obe.outbound.protection.outlook.com (mail-mw2nam10lp2101.outbound.protection.outlook.com [104.47.55.101]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3xfn1n4ncd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 17 Apr 2024 10:57:49 -0500 (CDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aRcVZgILA3mkiqLZUZdVuj5CfnQUB6PJGP/K/Ee0lZU3JcmwEmyzs8Gj5G0S/LLA+5OkY4Jj7YYa2gX1jdo75hSvivFJqsWcaJpxyAIbVtubDYjulf4qTY8EZc376uvsqANkHWfnZPxp05WriI4F0GB/GLwAd1W8GzobqSiCRhFDOdG84C7dcklEW5tBHD8r2vTU2L3C49Uvsci7XfB7R9yGnydxrFDClL6Z1azQiows5JqeHFxlb81z73DJaTPrin9x7xihI0VDYfUvNznVKLFrkbLw1AaM808WLtiwIV9xbQeKIqoo64FT6II5ju++AgxE3B75j/H4jilfKuAmdg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LfoFvGtA4LJrI4LbJtgNPLjIzGh0Bj+GmfiOhGf7qvg=; b=RWlGTMU2lBFT6WfMzd030jhCii+RCMlk4ktguIG93PO0wEBsFiulpra6yo2c1uNQGfAKRia1sB1beW3cDG5HUdNiWP7+rWxjwS0BH0O9FljdZpCYIdlPEHyCG9GqJVgg31AoHEeDY4DSiVLnOJLjhDQs3nw2JiytObtM7LfkzTuBntazLKbIwLXurTWDJrNOLvWj12NLEWm9PZ33o0bgY2IwI58KAazlQET4gqaoHaLW0fKcY9K5VGNfgRjMCFcA5x4PN3pWfkZc8GY/45aeV35WtYchjcJvLEJM08RLU1a52IoxYjwiq0sXC2i4/YNzY2P/Dc8jLFSeJ46D1rdZJw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by IA0PR11MB7377.namprd11.prod.outlook.com (2603:10b6:208:433::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.26; Wed, 17 Apr 2024 15:57:43 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::11f2:792f:10c4:f173]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::11f2:792f:10c4:f173%5]) with mapi id 15.20.7472.027; Wed, 17 Apr 2024 15:57:43 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Rohan Mahy <rohan.mahy@gmail.com>
CC: Russ Housley <housley@vigilsec.com>, Rohan Mahy <rohan.ietf@gmail.com>, LAMPS <spasm@ietf.org>
Thread-Topic: [EXTERNAL] Re: [lamps] I-D Action: draft-ietf-lamps-im-keyusage-00.txt
Thread-Index: AQHaj2K/Z6MrXXukZkyhEzxBIY0fbrFpze+AgAAJFYCAAWpP0IABQbaAgAAY32CAAAUosQ==
Date: Wed, 17 Apr 2024 15:57:43 +0000
Message-ID: <CH0PR11MB5739690323861CECECA630AF9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <171320513468.22285.6899802433610546466@ietfa.amsl.com> <B508131E-0554-471F-94FD-4AA2A0A95346@vigilsec.com> <CAKoiRuYCSwdzwKwSXdyLCNm5Z3DzzzLZzSyDO7DGWHTSeUj-fA@mail.gmail.com> <2E8965D1-F0D8-4947-8A6B-19B822EEFA4C@vigilsec.com> <CH0PR11MB5739FF2B9A378DF7ADFF24E69F082@CH0PR11MB5739.namprd11.prod.outlook.com> <CAKoiRuY5Caq_61+99RQiaRkeKUAou=fiLj+HadajzhwhLKOdAA@mail.gmail.com> <CH0PR11MB5739A5999D59A046D056812C9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB5739A5999D59A046D056812C9F0F2@CH0PR11MB5739.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|IA0PR11MB7377:EE_
x-ms-office365-filtering-correlation-id: 798a486f-bf46-4d1a-42bc-08dc5ef71e11
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +C+LTbRbojTvFLsILrHLAnsCghPohAij4lJKITAJpZL3ejxznvQv9hla0qRS8i2ncrILuhV3EVOgJ8Hq2L+IkZLN30+HKGCOwjZriBBF9lKK6f/5CnQkmAmR/BiGW2UdPRbUJwIq+WDTy+aLfI36/9SHmSk8T3n7r/wD1zULZiBKal50vVkpV9lt9xoW+MnOpV4l6Yt3spTu1PF78PQCaCXXr/3oW4MZ0Q1BTwnSMqoQgEM6rcoV5gbqWx3J/lzNzbUGkobPA+KJscixOBK1okvvNdCrRXoLGubyWZNfd6gvNit9xjzVJTPl3pINMkZ//vApx47jcSkjjaeX6YGxMdppK+jLMfKiKfb4lepl7y/MB6DnPhtHYSta4W/9uSnwidT6N49TZdqq2Dms4O73C6P9MF9NGfAI+8KUAbveDMQ5ATAsQwS+563qsjk01eTxb/WOXy3IieFOLKxabzabzfWJB+d1u1ew349vionViOLPj5ot5XgmitU1rusPMnRrySFoxy/Vm+tkQxid7T1+6CUsL0zaNfMYPalWd87n3htBy3ePkgl7zFpNx/uI1r9HW2srmq5qtrcSV/c+BCFbstVOSIN+3ThOvFZkTgjzILtPNdSFChNNTKDav+pIThIfLtEsksA/cCVgtIf1tDLHqu3wDdORT6dcKW1FrVbWeGll3JFSWfy/2tw+fdfMBnzYhcDNp7Jf3SpLt3mx00u+Shk5vTiLcAIRloAH1uyGTow=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366007)(1800799015)(376005)(38070700009); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Y/deJqVsEk/vm8OT4Bc+37PZjaMIADBGKOnC1nkoDGsmuSbXoQIGUfxFza5aojKDHlH6Dy1AQ7ZLH6HqpgMsfjhN53tpm9rW3UJeGrgHEjuh7vxVqeBAHr9xCHWGefRsdYXuHCApsKMMBclD+rcxlxSuQxkqeDsPWhuO5oNHgcf0B44ak41+mJaUBqFzGVHvqqWZ2b746wqknHgqxr0oO+JxfZQYHmuvF0PZLD6W4yYWWeDQMFsyC0HUuwRXKtbo59jY2EJg8bix2JtX2LG0BVh3vGMesrNRat8Ru8la6sciU+p6Mzj1OyOfp8e7Ce4MwrVMKztwxq0mHGDI42vrQ+2yN2LBkqZhHTD1TV/Jd4FBO0qIs66MaQI+J0sfEcKOhjk7nsUXjJNWyZ23KPRxYVHwMQU+ij+Zfzdf3wz1tROWLquyqmleqR/ECJk5NUZ8YteZw+gUTYhSan3uJ32Qh0iXbkPhDAha3ByLxknnjLuNjrf+VnAadQchEZ99jZJaUhC8NHXV9FrTMaEfVsJrXeOp5wJET5b2ZehKZnl/8QliPvMsj+m+4cJ32Zsr/N96yFGTaJq4hf7ZBGEdSU9PWBvrfpQZPsM99LwQiCONZS/434CQ4TZuWM4tGFy1xO2ntuyGW0llZJ2MN6/B2516EDRMJLIxBhGcQCgGSkiGpMevgTa+T4c8RSJqK7CTWnNtCfIwWFXN4VI8YK4SfVOsY2jWMwV1DO+l/prefzKlnrefy+58MxhHwkVicYRWyzlN/tL9ndzEj19iriuiP+P3ozEdCDhnsy3ef4IRe5fYLDha/nHz87Rt02CYSSXgWcQOY0lmYBrpEnScIZmFXMXpoYQqEXC/DPNY7Ro9kJKWnwaENHBGI6RqLSaJxp26pEjBfYnEY97oaFo9W9km9YVZYVnFhyBPEYeMbx2kkDrJMFuRWCbINT2sTme6dASNEtkxxMJnHC7Nu1QQDnXYR/ToUSM/GJX9eDs1LPWNT0xUcTbyghXwKltdUVisNBLh7uyW+RHxejo3Yu7punTmzErRcx/dpdPftauCtjOLvBhMHsKnTFarvptcxg+QP8im2ptrgVP0ToY7rXuwE7qAP7z2YVlVdoF0xKQoyRb4wdJZBu7f02td3dhsOJU0ADQ2wSj8XkmgkT/LF1gwosQDNyFSqTLbK2Ma5VJ+VPYMu3Qehxy5InPm6OdIaU+x4lfiV8XffVzhkFd9eULdOVxWKBSM/qRGb5cR7QOwEZd2PHfLDd+8DixOsZTvXi3J/aU07GbaKZuYZ9Tr2Nu6C75n2wIQ2J1LCO+Xw4yZKvAftNTQ2kWczJJWki/iVNLJb7s/BTTzYyVhyHFlb9gLZYxOyQJYY3CXErR57ewfEonEwwSU3eK8eV2BB/f66sbXyXUgxu5na6d0OTOCiWu49CPDogwV9Vx4YZzzPxEicJO2MvhSXuhtfqNS5Cj0FJ7PSFK8xLneFdGsTn7BttW26mggEGGyLyT04kyunR0S0x+/0JnzSl4W04OqtVA8y7TIs2h8eoC2nIojTJsDYu7b8aDS9j2rdt8Vf85ujDBLlMyHjWkb4PHmWSzGKChkVSw3HmtiJdwqVogHohB/iRB0Rtu+gIxXzy6nVsgzyA641Q0fx4ioeE8=
Content-Type: multipart/alternative; boundary="_000_CH0PR11MB5739690323861CECECA630AF9F0F2CH0PR11MB5739namp_"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 798a486f-bf46-4d1a-42bc-08dc5ef71e11
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2024 15:57:43.4132 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cX1Y/6JXEp4uSSS4Gm8Vps7IyHRRWiy2fKHuBKpMiJNV4rEUDWZ5pxEwMqjmLrrVASzVifAgXQTMf5mReyI41geM/mu/gKas0tcUp7vLcbU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR11MB7377
X-Proofpoint-GUID: dBd9b3mttkz5k4Z33RWvQv51TrKL7eij
X-Proofpoint-ORIG-GUID: dBd9b3mttkz5k4Z33RWvQv51TrKL7eij
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-17_13,2024-04-16_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=999 priorityscore=1501 mlxscore=0 suspectscore=0 adultscore=0 impostorscore=0 spamscore=0 clxscore=1015 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2404010003 definitions=main-2404170111
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ac2OUkH1aTcCElzznDIhW-tBYWs>
Subject: Re: [lamps] [EXTERNAL] Re: I-D Action: draft-ietf-lamps-im-keyusage-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Apr 2024 15:57:58 -0000

(and IMO, that convincing argument should be in the Security Considerations)

- Mike Ounsworth

________________________________
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Sent: Wednesday, April 17, 2024 10:42:00 AM
To: Rohan Mahy <rohan.mahy@gmail.com>
Cc: Russ Housley <housley@vigilsec.com>; Rohan Mahy <rohan.ietf@gmail.com>; LAMPS <spasm@ietf.org>
Subject: RE: [EXTERNAL] Re: [lamps] I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Hey Rohan,

> “It should be perfectly fine to use this with XMPP, MIMI, or a proprietary messaging system.”

I don’t know the IM space very well, but we hear a lot about cross-protocol attacks if you, for example, use the same key with S/MIME and PGP. Probably that applies to encryption keys more than signature keys, but regardless, I think it’s gonna need more than the words “it should be fine” to make a convincing argument that it’s ok to use a single certificate across multiple IM protocols :P

---
Mike Ounsworth

From: Rohan Mahy <rohan.mahy@gmail.com>
Sent: Wednesday, April 17, 2024 9:10 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: Russ Housley <housley@vigilsec.com>; Rohan Mahy <rohan.ietf@gmail.com>; LAMPS <spasm@ietf.org>
Subject: Re: [EXTERNAL] Re: [lamps] I-D Action: draft-ietf-lamps-im-keyusage-00.txt

Thanks Mike, The semantics of the EKU is an Instant Messaging identity. It should be perfectly fine to use this with XMPP, MIMI, or a proprietary messaging system. Unless you have some reason to do otherwise, a very natural way to express this

Thanks Mike,
The semantics of the EKU is an Instant Messaging identity. It should be perfectly fine to use this with XMPP, MIMI, or a proprietary messaging system.

Unless you have some reason to do otherwise, a very natural way to express this identity would be to use a URI identifier of any relevant scheme in the subjectAltName. (XMPP already has a custom SAN identifier type but that was not strictly necessary.)

I'll take a stab at some more generic text for the Intro and Security Considerations.

Thanks again for the review. I will fix the other small errors as well.
-rohan

On Tue, Apr 16, 2024, 12:14 Mike Ounsworth <Mike.Ounsworth@entrust.com<mailto:Mike.Ounsworth@entrust.com>> wrote:
Hey Rohan,

I’m a novice on the IM topic, but I’ll provide a review of your document anyway (feel free to ignore).

The introduction mentions that the driving motivation is IM apps built on top of MLS, and then says “or others see: MIMI”. Are all IMs considered equal, or is it important to be able to say “This cert is for MikeGram, and that cert is for RohanChat?”. IE would it be better if this draft created the specific EKUs that MIMI needs for the specific IM protocols that you’re designing now?

It would be good to expand the Security Considerations section to be clear about what security is gained by using the mechanism, including what the expectation is of verifiers who are looking for this EKU. Again, I think some discussion of using the same cert across different IM protocols would be good.


Why is it called id-kp-imUri? Why “Uri”? Perhaps this is clear in the mimi arch docs, but could use repeating here.


Typo? The IANA Considerations section asks for “id-kp-im-eku”, but the ASN.1 Module defines “id-mod-im-eku”. I think the latter is the better name, to indicate that this is the identifier of an ASN.1 module.


To Russ’ question about whether this draft should also cover SANs: the intro already says
“The subjectAltName of these certificates can be an IM URI, for example.”
Out of curiosity, which SAN type would be used for that?

---
Mike Ounsworth

From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Russ Housley
Sent: Monday, April 15, 2024 4:22 PM
To: Rohan Mahy <rohan.ietf@gmail.com<mailto:rohan.ietf@gmail.com>>
Cc: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: [EXTERNAL] Re: [lamps] I-D Action: draft-ietf-lamps-im-keyusage-00.txt

I thought it was worth asking. I think the xmpp: URI in the SAN would be a very reasonable solution. Russ On Apr 15, 2024, at 4: 49 PM, Rohan Mahy <rohan. mahy@ gmail. com> wrote: Hi Russ, I don't understand why an XmppAddr identifier type
I thought it was worth asking.  I think the xmpp: URI in the SAN would be a very reasonable solution.

Russ


On Apr 15, 2024, at 4:49 PM, Rohan Mahy <rohan.mahy@gmail.com<mailto:rohan.mahy@gmail.com>> wrote:

Hi Russ,
I don't understand why an XmppAddr identifier type would have been strictly needed, since anyone could have put either an xmpp: URI or an im: URI into a SAN without any extensions (as a URI type).

I'm happy to go look at some old discussions, but I don't know the history.
Thanks,
-rohan



On Mon, Apr 15, 2024 at 11:28 AM Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote:
Rohan:

RFC 6120 defines the way to carry a client name (Jabber ID) in the subjectAltName extension.  Should this document be expanded to address subjectAltName as well as extended key usage?

Russ


> On Apr 15, 2024, at 2:18 PM, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote:
>
> Internet-Draft draft-ietf-lamps-im-keyusage-00.txt is now available. It is a
> work item of the Limited Additional Mechanisms for PKIX and SMIME (LAMPS) WG
> of the IETF.
>
>   Title:   X.509 Certificate Extended Key Usage (EKU) for Instant Messaging URIs
>   Author:  Rohan Mahy
>   Name:    draft-ietf-lamps-im-keyusage-00.txt
>   Pages:   5
>   Dates:   2024-04-15
>
> Abstract:
>
>   RFC 5280 specifies several extended key purpose identifiers
>   (KeyPurposeIds) for X.509 certificates.  This document defines
>   Instant Messaging (IM) identity KeyPurposeId for inclusion in the
>   Extended Key Usage (EKU) extension of X.509 v3 public key
>   certificates
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-im-keyusage/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-lamps-im-keyusage/__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKqOy538S$>
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-im-keyusage-00.html<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-ietf-lamps-im-keyusage-00.html__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKn1iEEOp$>
>
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org<mailto:Spasm@ietf.org>
> https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKhkjFbRj$>
_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!eOQUtDAA8uwHi6mlSlRXJVJrnm_r5CwAKy09oCl_Q3itf786AeEtm2xwcGhxxxWefFHr1_P4naZzm9xvxEoUKhkjFbRj$>


Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email