Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Ryan Sleevi <ryan-ietf@sleevi.com> Thu, 19 August 2021 16:35 UTC

From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Thu, 19 Aug 2021 12:34:59 -0400
To: Russ Housley <housley@vigilsec.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, LAMPS WG <spasm@ietf.org>

On Tue, Aug 17, 2021 at 4:57 PM Russ Housley <housley@vigilsec.com> wrote:

> DKG:
>
> I suppose it does allow many OIDs to be assigned.  I was trying to come up
> with a way to allow simple documents that assign an OID and achieve WG
> consensus to move along without too much administrative overhead.
Is that the goal of LAMPS? That is, such generic assignment seems to run
counter to the (present) charter of being Limited, with known
constituencies interested in real deployment with at least one sufficiently
well-specified approach. The generic OID assignment seems to run counter to
that, and reintroduce the issues of PKIX.

Assigning new OIDs equally seems to run counter to simplifying and clarifying
existing PKIX and S/MIME WG documents; typically, a new OID would be used
to describe new functionality, rather than to clarify existing functionality.

That's not to say we can't charter to become PKIX 2.0, if that's the
explicit goal, but it does seem to be a shift from a closed set to a very
open set, as flagged by DKG.

While Michael mentions wanting to avoid stopping work every 4 weeks for a
recharter, I'd be remiss if I didn't mention my goal is to ensure we don't
become PKIX 2.0 where we continue to add to the ever growing, ever
unnecessary, ever uninteroperable set of features that we call PKIX, and I
worry this language would.