Re: [Spasm] certspec work (draft-seantek-certspec-06.txt)

Wei Chuang <weihaw@google.com> Thu, 09 June 2016 17:49 UTC

From: Wei Chuang <weihaw@google.com>
Date: Thu, 09 Jun 2016 10:49:02 -0700
To: Sean Leonard <dev+ietf@seantek.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/g0Dy5p8vhSXYCVaITq1UFpaMbqQ>
Cc: spasm@ietf.org
Subject: Re: [Spasm] certspec work (draft-seantek-certspec-06.txt)

Just some thoughts about this draft:

1. The title is a little bit confusing, as much of the document is about
naming certificates.  Perhaps "Naming and Metadata Specification for..."?
2. This document would do best when coupled with work on methods to access
certificates such as draft-bhjl-x509-srv-00 that would use it.
3. Modify the ABNF to clearly identify the certspec type vs data.
4. Another naming method I'm aware of is CRLSets used in Chromium:
https://dev.chromium.org/Home/chromium-security/crlsets
This might be something to consider and possibly mention in section 6 "Other
Certificate Specifications".
5. Can more motivation be provided for attribute section 8?

thanks,
-Wei

On Wed, Jun 8, 2016 at 9:28 AM, Sean Leonard <dev+ietf@seantek.com> wrote:

> Hello SPASM:
>
> I would like to propose "certspec" as a work item for this WG, and that it
> be considered in-scope as we debate the WG's scope.
>
> certspec is a string specification for certificates. It allows protocols
> and systems to identify a certificate in a textual form, and is designed
> with human usability in mind (specifically, copy-and-paste operations).
>
> Previous versions of this draft tried to define certspec as a URN, and
> then as a series of URI schemes. Those approaches were not successful. This
> draft just calls it a string. You can look at the diffs (particularly the
> diff between 04 and 05) to see the differences.
>
> Thanks to Russ Housley for feedback on the most recent versions of this
> draft.
>
> Regards,
>
> Sean
>
> -------- Forwarded Message --------
> Subject:        New Version Notification for draft-seantek-certspec-06.txt
> Date:   Wed, 08 Jun 2016 09:16:29 -0700
> From:   internet-drafts@ietf.org
>
>
>
> A new version of I-D, draft-seantek-certspec-06.txt
> has been successfully submitted by Sean Leonard and posted to the
> IETF repository.
>
> Name:           draft-seantek-certspec
> Revision:       06
> Title:          String Specification for Certificates
> Document date:  2016-06-08
> Group:          Individual Submission
> Pages:          27
> URL:            https://www.ietf.org/internet-drafts/draft-seantek-certspec-06.txt
> Status:         https://datatracker.ietf.org/doc/draft-seantek-certspec/
> Htmlized:       https://tools.ietf.org/html/draft-seantek-certspec-06
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-seantek-certspec-06
>
> Abstract:
>    Digital certificates are used in many systems and protocols to
>    identify and authenticate parties.  This document describes a string
>    format that identifies certificates, along with optional attributes.
>    This string format has been engineered to work without re-encoding in
>    a variety of protocol slots.
>