Re: [lamps] [EXTERNAL] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01

Russ Housley <housley@vigilsec.com> Sat, 17 September 2022 14:20 UTC

Mike:

Those are important questions for publication as an RFC.  At this stage -- call for adoption -- that information would be good to know if there are already proof of concept implementations.  Of course, production implementation is not possible without the algorithm identifiers being assigned by NIST and then a production root that uses PQC algorithms.

Russ



> On Sep 16, 2022, at 5:14 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
> 
> I have no objection to the technical content of this cert binding extension, but I'll ask whether this meets "rough consensus and running code"? Are there live deployments of this?
> 
> ---
> Mike Ounsworth
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: September 15, 2022 10:45 AM
> To: LAMPS <spasm@ietf.org>
> Subject: [EXTERNAL] [lamps] Call for adoption of draft-becker-guthrie-cert-binding-for-multi-auth-01
> 
> There has been some discussion of https://datatracker.ietf.org/doc/draft-becker-guthrie-cert-binding-for-multi-auth/ . During the discussion at IETF 114, we agreed to have a call for adoption of this document.
> 
> Should the LAMPS WG adopt “Related Certificates for Use in Multiple Authentications within a Protocol” in draft-becker-guthrie-cert-binding-for-multi-auth-01?
> 
> Please reply to this message by Friday, 30 September 2022 to voice your support or opposition to adoption.
> 
> On behalf of the LAMPS WG Chairs,
> Russ
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm