Re: [lamps] DRAFT LAMPS Recharter Text
Dmitry Belyavsky <beldmit@gmail.com> Mon, 14 August 2017 14:12 UTC
Return-Path: <beldmit@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4BCE132055 for <spasm@ietfa.amsl.com>; Mon, 14 Aug 2017 07:12:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x8lzQ4oBbk9e for <spasm@ietfa.amsl.com>; Mon, 14 Aug 2017 07:12:49 -0700 (PDT)
Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 503231321ED for <spasm@ietf.org>; Mon, 14 Aug 2017 07:12:49 -0700 (PDT)
Received: by mail-wm0-x22c.google.com with SMTP id t201so38431802wmt.1 for <spasm@ietf.org>; Mon, 14 Aug 2017 07:12:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z/cEHwWFtsS7VBP8d9+co8eTo4HxxGPN0UAliMI8CwM=; b=tRTlidHLKMR8geix1qvh25s1DkY8YYOqozFwOn0c1GYMJoNRCYr2XPKZUrmMlyKkTf LZnkctHQHi+MiZw11uX6Z3ahHIna4CIPq9yslNDqzw8x/pevQuSlqJ922Yguto5+XuQJ 14nHKs7VcgAUvTYSvCNjTstrksOHwTaSoKeesNClAZqx19ErVBK/bK0wCeha/Q/UFHzY XE12yR/lW5KeM9q3Dkv+T84xYqyGd2R+fLygyaz5UbYis+GBLtWVbx/4emYJKvZ90VgQ YJHas8GwhqyPCoSHV+Naa4uOnL+DVmvBDTU1ae4ssaGTUyvUohQb497bJx5blrzA7PAI PH8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z/cEHwWFtsS7VBP8d9+co8eTo4HxxGPN0UAliMI8CwM=; b=DxloauESvAAAdIqnvm6lE80ySPHkMdQovDeuy4fNngHhvtbZcDaPVv6AFj9E4dQ4Qu 1o7B9KRyEsZGx5pSUXfOtHYB8hG2GVHLFoaSUoeyumzvFKoCRsNUOxUE5k3TfY6omF5p pYlaJ2qscyGFsCzioDsROL3fZJuJds3Sqp3krIkM318p4bw7ATUwsKSfWrHxRETmSYaM HvXsrU3hqDuEjGvypFKE2HPMw2PZgCZ/LoIJDi1dqu8M2ZQBt6U4xtm3PSlZCbpA1hoa lwJEmpON5gFpL+LYfv3wS41NLKIrHl+lsyIyGU5mbeWgpH5vNp3hKdjKkqkLXHWd5aGn gk4A==
X-Gm-Message-State: AHYfb5i0siGTMxNPDb8r1rj9Bj/UPYboko/4an3XTbVFNRkGESsEFfaD ieOECc/ZybkxWAWOrJwoQH5z69zuH0vi
X-Received: by 10.80.176.68 with SMTP id i62mr24479695edd.147.1502719967837; Mon, 14 Aug 2017 07:12:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.143.3 with HTTP; Mon, 14 Aug 2017 07:12:47 -0700 (PDT)
In-Reply-To: <3EC3EBBE-D17D-4A25-A61C-27872613FB4D@vigilsec.com>
References: <3EC3EBBE-D17D-4A25-A61C-27872613FB4D@vigilsec.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
Date: Mon, 14 Aug 2017 17:12:47 +0300
Message-ID: <CADqLbz+sCbp+dy+oyMyfvng6A4-kJYnsS25wdux1KisD6dEcWA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c853ee1409e0556b74162"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/t5fp2POSG1zBDKIVI8d07zBE2d0>
Subject: Re: [lamps] DRAFT LAMPS Recharter Text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 14:12:53 -0000
Hello, On Sun, Aug 6, 2017 at 7:51 PM, Russ Housley <housley@vigilsec.com> wrote: > At IETF 99, the LAMPS WG considered several potential recharter work > items. The attached draft is a result of that discussion. Please review > and comment. > > Russ > > = = = = = = = = > > The PKIX and S/MIME Working Groups have been closed for some time. Some > updates have been proposed to the X.509 certificate documents produced > by the PKIX Working Group and the electronic mail security documents > produced by the S/MIME Working Group. > > The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working > Group is chartered to make updates where there is a known constituency > interested in real deployment and there is at least one sufficiently > well specified approach to the update so that the working group can > sensibly evaluate whether to adopt a proposal. > > Having completed the S/MIME 4.0 specifications and updates to support > i18n email addresses in PKIX certificates, the LAMPS WG is now: > > 1. Specify a discovery mechanism for CAA records to replace the one > described in RFC 6844. > > 2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME. > > RFC 6844 describes the mechanism by which CAA records relating to a > domain are discovered. Implementation experience has demonstrated an > ambiguity in the current processing of CNAME and DNAME records during > discovery. Subsequent discussion has suggested that a different > discovery approach would resolve limitations inherent in the current > approach. > > Unlike the previous hashing standards, the SHA-3 functions are the > outcome of an open competition. They have a clear design rationale and > have received a lot of public analysis, resulting in great confidence > that the SHA-3 family of functions are very secure. Also, since the > design of the SHA-3 functions use a very different construction from the > SHA-2 functions, they offer an excellent alternative to the SHA-2 family > of functions. In particular, SHAKE128/256 and SHAKE256/512 offer > security and performance benefits. > > In addition, the LAMPS Working Group may investigate other updates to > the documents produced by the PKIX and S/MIME Working Groups, but the > LAMPS Working Group shall not adopt any of these potential work items > without rechartering. > > MILESTONES > > Nov 2017: Adopt a draft for rfc6844bis > Dec 2017: Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512 > Dec 2017: Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512 > Apr 2018: rfc6844bis sent to IESG for standards track publication > Sep 2018: SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for > standards track publication > Sep 2018: SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for > standards track publication > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm > I suggest to add one more item to the charter: =============== 3. Specify a mechanism/language describing the application-level limitations to certificate trust. There are a lot of limitations applied to the trust model specified by the RFC 5280 by browsers, see for example https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/--aa6dYHhrc/xbozEdS2BgAJ This limitations distributed in well-documented alienable format can be used by various applications, such as MTAs and browsers, and improve the overall security of PKI infrastracture. ================ Thank you! -- SY, Dmitry Belyavsky
- [lamps] DRAFT LAMPS Recharter Text Russ Housley
- Re: [lamps] DRAFT LAMPS Recharter Text Salz, Rich
- Re: [lamps] DRAFT LAMPS Recharter Text Sean Leonard
- Re: [lamps] DRAFT LAMPS Recharter Text Sean Leonard
- Re: [lamps] DRAFT LAMPS Recharter Text Russ Housley
- Re: [lamps] DRAFT LAMPS Recharter Text Salz, Rich
- Re: [lamps] DRAFT LAMPS Recharter Text Yoav Nir
- Re: [lamps] DRAFT LAMPS Recharter Text Dmitry Belyavsky
- Re: [lamps] DRAFT LAMPS Recharter Text Russ Housley
- Re: [lamps] DRAFT LAMPS Recharter Text Sean Turner
- Re: [lamps] DRAFT LAMPS Recharter Text Dr. Pala
- Re: [lamps] DRAFT LAMPS Recharter Text Dr. Pala
- Re: [lamps] DRAFT LAMPS Recharter Text Russ Housley
- Re: [lamps] DRAFT LAMPS Recharter Text Salz, Rich
- Re: [lamps] DRAFT LAMPS Recharter Text Dmitry Belyavsky
- Re: [lamps] DRAFT LAMPS Recharter Text Salz, Rich
- Re: [lamps] DRAFT LAMPS Recharter Text Russ Housley