Re: [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-02

Michael Markowitz <markowitz@infoseccorp.com> Thu, 26 January 2023 22:36 UTC

From: Michael Markowitz <markowitz@infoseccorp.com>
To: Santosh Chokhani <santosh.chokhani@gmail.com>, "spasm@ietf.org" <spasm@ietf.org>
Date: Thu, 26 Jan 2023 22:36:27 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tLgF7jbyiUuPBBJ5HEeFfFB5BmA>

Santosh wrote:

>If the authors have not already done so, I would propose that there are ways the extension can provide crypto binding between/among the certificates which would be superior to simply name matching.  Name matching is weak.

If you’re claiming *notarized* name matching is weak, I think we have to throw out the whole concept of X.509 certificates!  😊

-mjm