Re: [lamps] WGLC for draft-ietf-lamps-cert-binding-for-multi-auth
Russ Housley <housley@vigilsec.com> Fri, 27 October 2023 19:23 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FD11C151079 for <spasm@ietfa.amsl.com>; Fri, 27 Oct 2023 12:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.907
X-Spam-Level:
X-Spam-Status: No, score=-6.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZRsqp1sZVF2 for <spasm@ietfa.amsl.com>; Fri, 27 Oct 2023 12:23:03 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAB4BC14CF0C for <spasm@ietf.org>; Fri, 27 Oct 2023 12:23:03 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 2EB8F1CDB1A for <spasm@ietf.org>; Fri, 27 Oct 2023 15:23:03 -0400 (EDT)
Received: from smtpclient.apple (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 213AD1CD92A for <spasm@ietf.org>; Fri, 27 Oct 2023 15:23:03 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7D91F74E-F0AB-49AC-A57A-DE7C67E27251"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Fri, 27 Oct 2023 15:22:52 -0400
References: <SN7PR14MB6492A1D61CEAF12CE6F1568083DCA@SN7PR14MB6492.namprd14.prod.outlook.com> <0C31783B-871A-41AD-A876-304EAAD6FBBC@vigilsec.com>
To: LAMPS <spasm@ietf.org>
In-Reply-To: <0C31783B-871A-41AD-A876-304EAAD6FBBC@vigilsec.com>
Message-Id: <B291073C-D0F6-4390-99B9-33D715A88777@vigilsec.com>
X-Mailer: Apple Mail (2.3731.700.6)
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lwId14Cy5Q0Fw3tY7Sh50JhSLGM>
Subject: Re: [lamps] WGLC for draft-ietf-lamps-cert-binding-for-multi-auth
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2023 19:23:07 -0000
Looking at the IANA Considerations, I think the ASN.1 module should have place holders for the three OIDs that will be assigned:
id-relatedCert OBJECT IDENTIFIER ::= { id-pkix 1 tbd }
id-relatedCertRequest OBJECT IDENTIFIER ::= { tbd }
id-ad-relatedCert OBJECT IDENTIFIER ::= { tbd }
Also, I think the first one should be id-pe-relatedCert, and the second one should be id-aa-relatedCertRequest.
Russ
> On Oct 27, 2023, at 3:01 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> I have read the document and checked the ASN.1. I think it is ready.
>
> Russ
>
>> On Oct 27, 2023, at 11:39 AM, Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org> wrote:
>>
>> Hello,
>>
>> Since there have been few significant comments or suggestions to this draft
>> since IETF 117, the authors have requested to proceed to WGLC. Since people
>> may be traveling to IETF 118, we’ll do a three week last call.
>>
>> https://datatracker.ietf.org/doc/draft-ietf-lamps-cert-binding-for-multi-auth/
>>
>> Abstract
>>
>> This document defines a new CSR attribute, relatedCertRequest, and a
>> new X.509 certificate extension, RelatedCertificate. The use of the
>> relatedCertRequest attribute in a CSR and the inclusion of the
>> RelatedCertificate extension in the resulting certificate together
>> provide additional assurance that two certificates each belong to the
>> same end entity. This mechanism is particularly useful in the
>> context of non-composite hybrid authentication, which enables users
>> to employ the same certificates in hybrid authentication as in
>> authentication done with only traditional or post-quantum algorithms.
>>
>> Please send all comments to the list by 17 November 2023.
>>
>> For the chairs,
>>
>> -Tim
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org <mailto:Spasm@ietf.org>
>> https://www.ietf.org/mailman/listinfo/spasm
>
- [lamps] WGLC for draft-ietf-lamps-cert-binding-fo… Tim Hollebeek
- Re: [lamps] WGLC for draft-ietf-lamps-cert-bindin… Russ Housley
- Re: [lamps] WGLC for draft-ietf-lamps-cert-bindin… Russ Housley