Re: [lamps] Call for adoption for draft-ito-documentsigning-eku

Tadahiko Ito <tadahiko.ito.public@gmail.com> Tue, 27 July 2021 14:16 UTC

From: Tadahiko Ito <tadahiko.ito.public@gmail.com>
Date: Tue, 27 Jul 2021 23:16:10 +0900
Message-ID: <CAFTXyYBGCmb71MDkp7teS=pLaqD_YNZkuBL02ei7QkODj9+HEw@mail.gmail.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
Cc: spasm@ietfa.amsl.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dLVuvq_CcNTJ92XfYpLSQCkK80Q>

Thanks, Sleevi

> id-kp-emailProtection corresponds to the use of CMS (RFC 5652) as used by S/MIME (RFC 8551)

I would love to see those correspondences in the real world.
If certs are for S/MIME, the OID should be id-kp-emailProtection.
However, a cert with id-kp-emailProtection does not mean the cert is used for
S/MIME.
We might not be able to make it 100% clear, but we should be able to make it better.
That was the starting point of our proposal.

I think we need a concept like a basket clause that does not have a negative
impact on other OIDs.
I understand that this OID alone may not be that valuable, but I think that
this OID is valuable for ensuring the soundness of the other OIDs.

If, after several years, other EKUs for protocol-specific document signing are
assigned (although that would not be our job, at least at the IETF) and used as
common practice,
that will be great, and we will be happy to obsolete this EKU.
However, in the meantime, we strongly believe that this would be a viable
option for those who want to limit the usage to document signing without
substituting the EKU with id-kp-emailProtection or id-kp-codeSigning.

Regards,
Tadahiko Ito
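The relying-party side of the argument above, as an added example that is not part of this thread and not code from the draft: a verifier that will only treat a certificate as a document-signing certificate when it carries a dedicated document-signing EKU, instead of accepting id-kp-emailProtection or id-kp-codeSigning as a stand-in. It is plain standard-library Python that encodes and decodes the ExtKeyUsageSyntax DER (SEQUENCE OF OBJECT IDENTIFIER, RFC 5280 section 4.2.1.12) so it runs offline. The value used for the document-signing OID, 1.3.6.1.5.5.7.3.36, is an assumption: it is the arc RFC 9336 later assigned to id-kp-documentSigning, and the draft under discussion had no OID at the time of this message. The EKU values fed to it are constructed inline.

```python
"""Added example: enforcing a document-signing EKU policy at the relying party.

Standard library only. Encodes/decodes ExtKeyUsageSyntax (RFC 5280 4.2.1.12)
and applies a policy that accepts a signer certificate for document signing
only if a dedicated document-signing EKU is present.
"""
from typing import List, Optional, Tuple

# id-kp arcs from RFC 5280 section 4.2.1.12
ID_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
ID_KP_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"
ID_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"
ANY_EXTENDED_KEY_USAGE = "2.5.29.37.0"
# Assumption: the arc RFC 9336 later assigned to id-kp-documentSigning.
# The draft discussed in this thread had no OID yet; treat as a placeholder.
ID_KP_DOCUMENT_SIGNING = "1.3.6.1.5.5.7.3.36"

KNOWN_NAMES = {
    ID_KP_SERVER_AUTH: "id-kp-serverAuth",
    ID_KP_CODE_SIGNING: "id-kp-codeSigning",
    ID_KP_EMAIL_PROTECTION: "id-kp-emailProtection",
    ANY_EXTENDED_KEY_USAGE: "anyExtendedKeyUsage",
    ID_KP_DOCUMENT_SIGNING: "id-kp-documentSigning",
}


def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _read_len(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, position after the length octets)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    body = bytearray()
    # First two arcs share one sub-identifier; the rest are base-128 big-endian.
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + _der_len(len(body)) + bytes(body)


def decode_oid(content: bytes) -> str:
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs, value, pending = [], 0, False
    for b in content:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending or not arcs:
        raise ValueError("truncated or empty OID")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def encode_eku(oids: List[str]) -> bytes:
    """ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId."""
    if not oids:
        raise ValueError("ExtKeyUsageSyntax needs at least one KeyPurposeId")
    inner = b"".join(encode_oid(o) for o in oids)
    return b"\x30" + _der_len(len(inner)) + inner


def decode_eku(der: bytes) -> List[str]:
    """Parse an ExtKeyUsageSyntax value into a list of dotted OIDs."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    length, pos = _read_len(der, 1)
    end = pos + length
    if end != len(der):
        raise ValueError("length does not match data")
    oids: List[str] = []
    while pos < end:
        if der[pos] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER")
        olen, pos = _read_len(der, pos + 1)
        if pos + olen > end:
            raise ValueError("OID runs past SEQUENCE")
        oids.append(decode_oid(der[pos:pos + olen]))
        pos += olen
    if not oids:
        raise ValueError("empty ExtKeyUsageSyntax")
    return oids


def document_signing_acceptable(eku: Optional[List[str]], allow_any: bool = False,
                                allow_absent: bool = False) -> Tuple[bool, str]:
    """Decide whether a signer cert may be used for document signing.

    eku is the decoded list, or None when the cert has no EKU extension at all
    (RFC 5280: unrestricted, which a cautious verifier may still refuse).
    A cert that only carries id-kp-emailProtection or id-kp-codeSigning is
    rejected: those purposes say nothing about document signing.
    """
    if eku is None:
        return allow_absent, "no EKU extension: usage unconstrained"
    if ID_KP_DOCUMENT_SIGNING in eku:
        return True, "id-kp-documentSigning present"
    if ANY_EXTENDED_KEY_USAGE in eku:
        return allow_any, "only anyExtendedKeyUsage covers document signing"
    names = ", ".join(KNOWN_NAMES.get(o, o) for o in eku)
    return False, f"no document-signing purpose; EKU = [{names}]"


if __name__ == "__main__":
    # Constructed inputs: an S/MIME-style cert and a dedicated document-signing cert.
    for label, oids in [("smime-only", [ID_KP_EMAIL_PROTECTION]),
                        ("docsign", [ID_KP_DOCUMENT_SIGNING, ID_KP_EMAIL_PROTECTION])]:
        decoded = decode_eku(encode_eku(oids))
        print(label, document_signing_acceptable(decoded))
```

The strictness knobs matter: `allow_any` and `allow_absent` default to off, so a certificate with anyExtendedKeyUsage or no EKU at all is refused unless the deployment explicitly opts in, which is the same "limit the usage to document signing" intent the message describes.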