Re: [Spasm] Let's focus
Wei Chuang <weihaw@google.com> Thu, 26 May 2016 20:11 UTC

On Thu, May 26, 2016 at 1:04 PM, Richard Barnes <rlb@ipv.sx> wrote:

> Hey all,
>
> I'm concerned that the proposed scope [1] for this WG is (1) too broad,
> and (2) inconsistent with the participation so far.
>
> The breadth concern is evident in the ambiguity of the name "Some?" This
> group should identify some concrete, practical problems in the Internet
> they need to solve, describe them, and demonstrate that they have the right
> set of stakeholders to develop, implement, and deploy a solution.
>
> I'm personally most concerned about the "fix the EKUs" milestone, at least
> as it's realized in [2]. From the perspective of someone who works a lot
> in the Web PKI, this sounds like a request for a feature that has negative
> value. The incremental value of the proposed feature would be to allow
> "everything but X" CAs. Recent experience in the Web PKI has driven home
> how harmful it can be to have divergent sets of RPs relying on the same
> PKI, so allowing CAs to be more unconstrained is moving in the wrong
> direction. I'm not dogmatic on this, but in order to be persuaded, I would
> need to see active interest from some real CAs, and from the logs of this
> list, I'm not seeing anyone who's a current participant in the Web PKI
> (apologies if I've failed to recognize someone).
>
> I'm also concerned about the "SRV for cert stores" milestone, though I
> admit I'm not as deep in this space. Looking at the proposed doc, it seems
> like the SRV adds any value over just looking stuff up at a well-known URI,
> e.g., adding a "x5c" attribute to a WebFinger resource. Anything that
> requires special DNS magic (and SRV counts) is going to face significant
> deployment barriers. So I would be happier if this were a "define a simple
> cert discovery mechanism for S/MIME" milestone, rather than being bound to
> a specific mechanism.
>
> Overall, it seems like this group should focus on moving the ball forward
> with regard to making S/MIME deployable in today's Internet -- fixing
> papercuts around AEAD, i18n, and cert discovery. The PKIX stuff is
> unrelated and addresses an entirely different constituency.
>

The certificate i18n email address draft is actively being worked on. Probably a next rev posted next week or sooner.

-Wei

> --Richard
>
>
> [1] https://datatracker.ietf.org/doc/charter-ietf-spasm/
> [2] https://tools.ietf.org/html/draft-housley-spasm-eku-constraints-01
> [3] https://tools.ietf.org/html/draft-bhjl-x509-srv-00
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm