Re: [lamps] WG Last Call for rfc6844bis

Ryan Sleevi <ryan-ietf@sleevi.com> Fri, 12 October 2018 21:37 UTC

To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Russ Housley <housley@vigilsec.com>, Ryan Sleevi <ryan-ietf@sleevi.com>, SPASM <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/h2pEdTdH9D8xU3NjB9HKKrfxjvQ>

On Sat, Oct 13, 2018 at 6:16 AM Tim Hollebeek <tim.hollebeek@digicert.com>
wrote:

> Your characterization of what the Forum “wants” is at odds with previous
> discussions in London, where working with IANA was explicitly called out as
> a goal.
>
>
Yes, to register the appropriate strings to be associated with an
Informational or CA/Browser Forum maintained document.

> It also is at odds with the unanimous consensus on the last validation
> call, where everyone agreed that working together with IETF on this was
> desirable.
>

That’s cool and all, but that’s not how the CA/Browser Forum measures
consent (via Ballot), and that’s not at odds with what I suggested. Write a
draft, recognize the use cases, and if it is to be published in IETF at all,
do it as Informational.

In any event, you’re talking about something not on the charter, and doing
it as soon as WGLC starts - and suggesting delay - is a poor choice. Does
6844bis address what Lamps was chartered to do? Yes. Does any of your
hypothetical proposal require change to those mechanisms? No. So let’s stop
talking about it in WGLC, focus on the charter and the question asked, and
once there’s something more to discuss, revisit charter revisions and
consensus. But don’t hold up 6844bis to add features to a document designed
to be independently extensible.


>
>
> -Tim
>
>
>
> *From:* Ryan Sleevi <ryan-ietf@sleevi.com>
> *Sent:* Thursday, October 11, 2018 7:13 PM
> *To:* Tim Hollebeek <tim.hollebeek@digicert.com>
> *Cc:* Russ Housley <housley@vigilsec.com>; SPASM <spasm@ietf.org>
> *Subject:* Re: [lamps] WG Last Call for rfc6844bis
>
> On Fri, Oct 12, 2018 at 4:25 AM Tim Hollebeek <tim.hollebeek@digicert.com>
> wrote:
>
> LAMPS chair hat off; CABF Validation Subcommittee (formerly, Validation
> Working Group) hat on.
>
> Recently at the CA/Browser Forum, allowing customers to use CAA to limit
> the validation methods that can be used for a domain has been identified
> as one of the Forum's highest priorities.  I started a thread on the idea
> back in December:
>
> https://mailarchive.ietf.org/arch/msg/spasm/Jse-FslACq3wair2B2_YSwpViNs
>
> While CAs can potentially unilaterally implement this on their own outside
> the Forum with parameters (as in the acme-caa draft), uniformity throughout
> the industry would be desirable.  The Forum also has the ability to mandate
> implementation by a specific date.
>
> This was discussed on this morning's Validation Subcommittee call, and it
> was suggested we ask the group if there is interest in including this in
> RFC 6844-bis, or whether it would be preferable to handle it as a separate
> draft.
>
>
>
> Handle it as a separate draft, and recharter the WG if there is consensus
> to adopt draft text. The charter we have does not include that effort, and
> there are more ways to botch it than to get it right. It’s an extension, in
> theory, so let it be defined as such in a separate document.
>
>
>
> Personally, I believe such an extension would be better spec’d as
> Informational (thus, at odds with 6844-bis, which is Standards Track),
> because what the Forum “wants” is an extension whose namespace is defined
> and maintained by the CA/Browser Forum, not the IETF or IANA, and not
> designed to interoperate with other PKIs that use CPs other than the
> Baseline Requirements. If members of the Forum want Lamps to adopt such
> work, they should first work through what it is they want before asking
> Lamps to recharter to consider their industry-specific use case.
>
>
>
> So no, don’t add a rechartering discussion for WGLC just because some
> folks had an extension they want to figure out.
>
>
>
>
> -Tim
>
> > -----Original Message-----
> > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> > Sent: Thursday, October 11, 2018 2:01 PM
> > To: SPASM <spasm@ietf.org>
> > Subject: [lamps] WG Last Call for rfc6844bis
> >
> > This is the LAMPS WG Last Call for "DNS Certification Authority
> > Authorization (CAA) Resource Record" <draft-ietf-lamps-rfc6844bis-01>.
> >
> > Please review the document and send your comments to the list by 22
> > October 2018.
> >
> > If no concerns are raised, the document will be forwarded to the IESG
> > with a request for publication as Proposed Standard.
> >
> > Russ & Tim
> > _______________________________________________
> > Spasm mailing list
> > Spasm@ietf.org
> > https://www.ietf.org/mailman/listinfo/spasm