Re: [Spasm] Let's focus
Richard Barnes <rlb@ipv.sx> Fri, 27 May 2016 13:04 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44B2412D166 for <spasm@ietfa.amsl.com>; Fri, 27 May 2016 06:04:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lZBcCfyM5MbI for <spasm@ietfa.amsl.com>; Fri, 27 May 2016 06:04:49 -0700 (PDT)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B6CD12B064 for <spasm@ietf.org>; Fri, 27 May 2016 06:04:49 -0700 (PDT)
Received: by mail-vk0-x22a.google.com with SMTP id f66so142583855vkh.2 for <spasm@ietf.org>; Fri, 27 May 2016 06:04:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=uBwkMS7YKJCyqkxexoRXS1U8apmoUqI1FJUOq8+r05k=; b=p2RA7QXy6aEdVwQkwimWW8KzCqG2zXcDBQyj1e3yGx3pv3MwYEQNq/LlUzoM4oym4S tmMl29ULEwT7gDCJdkE4P1FjhXTWopgAywVnMaw604ieM5iOY8gJHLdNb0+kA3OK8CMn wnkY+RshOkBcaIIhzhkCk2lBoHxTAXRKWujly8EHJsCSEbb8ANdwUjT2e4z4lfmj2eMJ sf7658TzHK0yIkm7SurgO/HiWhHkaxYZU55SPYr5ree6+V3Bum1Wh8g8BThUsEvtsKm5 7VBXrf2S6lBy8N+pdSF67q4VCJiCHTGAUaR9Jmz6K0tu/kHexwRNI2Arlz8IxxlMyHyq ea8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=uBwkMS7YKJCyqkxexoRXS1U8apmoUqI1FJUOq8+r05k=; b=ZNJIIBHJzsl9dVV/C9Zlnunr8wZFuj+DmWYKo33uFboxDsECPhgNYTvYRFNrgtg4JE 54Ua9wRzhgCTPbcSLCD5i6o18xWsH/96AO1n/0GQU2exfDwy9mXREvcUYB/p/ml5agL1 fEE6ieZBTjy1Y5bCsDHhwu4PnCKXb+ZEV1jNx015DcHHnEkdMFF1/Uc6a7vYSqOVDDKZ Zn8p7Qa6c+5oIEVQAtEqR1Jj8I5so0Pg7wrpalwh0UfvP/YQUrTD1aA04C311CpsOkI2 3pn9hLJzelUibZytqLbiStffH5brf/jLpSrRNn8mEyRRqJ9svfTNvJAt628N5PvNDUVl BSTw==
X-Gm-Message-State: ALyK8tICy7tlwMwbgS2UOnM/NbZvoJBuoyK8dPqgqEmxv5iuX9MzeW4lxvevl5VINDNw2UoRXON8cIMWen9Ngw==
MIME-Version: 1.0
X-Received: by 10.159.34.206 with SMTP id 72mr7256427uan.79.1464354288339; Fri, 27 May 2016 06:04:48 -0700 (PDT)
Received: by 10.31.48.71 with HTTP; Fri, 27 May 2016 06:04:48 -0700 (PDT)
In-Reply-To: <57475B33.3070201@cs.tcd.ie>
References: <CAL02cgSHWvmmhCqv1Dz8wfiGsOqOXWNi150suR-5xqt3F8ppcw@mail.gmail.com> <57475B33.3070201@cs.tcd.ie>
Date: Fri, 27 May 2016 09:04:48 -0400
Message-ID: <CAL02cgQD_xF8tTF_e_X7P3RxQ7tO2QLW=72ismrna4jSNKo8aQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="94eb2c04ca8c2edb180533d28d6d"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/gflCCISIYWDclKEWXdzYK3g8tfs>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Let's focus
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2016 13:04:52 -0000
On Thu, May 26, 2016 at 4:23 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya, > > On 26/05/16 21:04, Richard Barnes wrote: > > Hey all, > > > > I'm concerned that the proposed scope [1] for this WG is (1) too broad, > and > > (2) inconsistent with the participation so far. > > > > The breadth concern is evident in the ambiguity of the name "Some?" This > > group should identify some concrete, practical problems in the Internet > > they need to solve, describe them, and demonstrate that they have the > right > > set of stakeholders to develop, implement, and deploy a solution. > > Well we can bikeshed names for sure but moving on... > > > > > I'm personally most concerned about the "fix the EKUs" milestone, at > least > > as it's realized in [2]. > > Yeah, me too. The discussion around that has been eerily reminiscent of > some of the less productive things from the "late" PKIX period. > > > From the perspective of someone who works a lot > > in the Web PKI, this sounds like a request for a feature that has > negative > > value. The incremental value of the proposed feature would be to allow > > "everything but X" CAs. Recent experience in the Web PKI has driven home > > how harmful it can be to have divergent sets of RPs relying on the same > > PKI, so allowing CAs to be more unconstrained is moving in the wrong > > direction. > > Fair point. If the WG is chartered I think it'd have to decide if > that's ok or not. You've kinda got the cart before the horse here. If this use case isn't good, then there's no point to having the milestone. > (Stefan's 1-bit counter-proposal didn't have the > same property though or am I wrong?) > > > I'm not dogmatic on this, but in order to be persuaded, I would > > need to see active interest from some real CAs, and from the logs of this > > list, I'm not seeing anyone who's a current participant in the Web PKI > > (apologies if I've failed to recognize someone). > > It'd be good to see that kind of interest in the EKU work yes. Absent > that, I would guess deployment won't happen. > Again, I think demonstrating interest from the relevant community is needed *before* chartering. The underlying principal of BoFs, etc., is that spec here get developed by the people that are going to use them / be affected by them. If those people aren't here, we shouldn't charter work. --Richard > > > > I'm also concerned about the "SRV for cert stores" milestone, though I > > admit I'm not as deep in this space. Looking at the proposed doc, it > seems > > like the SRV adds any value over just looking stuff up at a well-known > URI, > > e.g., adding a "x5c" attribute to a WebFinger resource. Anything that > > requires special DNS magic (and SRV counts) is going to face significant > > deployment barriers. So I would be happier if this were a "define a > simple > > cert discovery mechanism for S/MIME" milestone, rather than being bound > to > > a specific mechanism. > > From my POV, that's yet another experiment in the public-key-retrieval- > to-support-e2e-messaging-security set of experiments that included the > openpgp-dane one recently approved. (And I'd be fine with more of those > experiments too for reasons stated during the IETF LC of the dane work.) > > > > > Overall, it seems like this group should focus on moving the ball forward > > with regard to making S/MIME deployable in today's Internet -- fixing > > papercuts around AEAD, i18n, and cert discovery. The PKIX stuff is > > unrelated and addresses an entirely different constituency. > > I'm personally if the work here isn't all one effort but a small set of > sorta-diverse efforts. So long as they're likely to be deployed that is. > If that's not likely, then I'd be for dropping them from the charter. > > Cheers, > S. > > > > > --Richard > > > > > > [1] https://datatracker.ietf.org/doc/charter-ietf-spasm/ > > [2] https://tools.ietf.org/html/draft-housley-spasm-eku-constraints-01 > > [3] https://tools.ietf.org/html/draft-bhjl-x509-srv-00 > > > > > > > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://www.ietf.org/mailman/listinfo/spasm > > > >
- [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Wei Chuang
- Re: [Spasm] Let's focus Stephen Farrell
- Re: [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Stephen Farrell
- Re: [Spasm] Let's focus Richard Barnes
- Re: [Spasm] Let's focus Santosh Chokhani
- Re: [Spasm] Let's focus Richard Barnes