Re: [stir] draft-housley-stir-enhance-rfc8226-00

Chris Wendt <chris-ietf@chriswendt.net> Mon, 25 January 2021 17:35 UTC

From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <5B45AC48-1B15-47A2-81C8-6C61189C8049@chriswendt.net>
Date: Mon, 25 Jan 2021 12:35:50 -0500
In-Reply-To: <806C9887-FAAC-4EDF-ADFB-A8B65AF41739@team.neustar>
Cc: Russ Housley <housley@vigilsec.com>, IETF STIR Mail List <stir@ietf.org>
To: "Peterson, Jon" <jon.peterson=40team.neustar@dmarc.ietf.org>
References: <161126455434.3362.14572023954174036871@ietfa.amsl.com> <6515CC12-1A12-4524-9EB9-5C46D01855CF@vigilsec.com> <806C9887-FAAC-4EDF-ADFB-A8B65AF41739@team.neustar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/SOL7CDLny7IBl-HX6jSy2aV14Ac>

Yes agree, this looks good!  Thanks Russ.

> On Jan 25, 2021, at 11:04 AM, Peterson, Jon <jon.peterson=40team.neustar@dmarc.ietf.org> wrote:
> 
>  
> I think this is a helpful and pretty simple patch – can we get a call for adoption?
>  
> Jon Peterson
> Neustar, Inc.
>  
> From: stir <stir-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
> Date: Thursday, January 21, 2021 at 1:32 PM
> To: IETF STIR Mail List <stir@ietf.org>
> Subject: [stir] draft-housley-stir-enhance-rfc8226-00
>  
> Please review and comment.  Chris Wendt has found some use cases where the JWT Claims Constraints in RFC 8226 are not adequate.  This I-D proposes an enhancement to make the constraints more rich.
>  
> Russ
>  
> 
> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-housley-stir-enhance-rfc8226-00.txt
>> Date: January 21, 2021 at 4:29:14 PM EST
>> To: "Russ Housley" <housley@vigilsec.com>
>>  
>> 
>> A new version of I-D, draft-housley-stir-enhance-rfc8226-00.txt
>> has been successfully submitted by Russ Housley and posted to the
>> IETF repository.
>> 
>> Name: draft-housley-stir-enhance-rfc8226
>> Revision: 00
>> Title: Enhanced JWT Claim Constraints for STIR Certificates
>> Document date: 2021-01-21
>> Group: Individual Submission
>> Pages: 8
>> URL:            https://www.ietf.org/archive/id/draft-housley-stir-enhance-rfc8226-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-housley-stir-enhance-rfc8226/
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-housley-stir-enhance-rfc8226
>> Htmlized:       https://tools.ietf.org/html/draft-housley-stir-enhance-rfc8226-00
>> 
>> 
>> Abstract:
>>   RFC 8226 provides a certificate extension to constrain the JWT claims
>>   that can be included in the PASSporT as defined in RFC 8225.  If the
>>   signer includes a JWT claim outside the constraint boundaries, then
>>   the recipient will reject the entire PASSporT.  This document defines
>>   additional ways that the JWT claims can be constrained.
>> 
>> 
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
>> 
>> 
> 
>  
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
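As an added illustration (not code from this thread, the draft, or RFC 8226), here is a Python check of the claim-constraint semantics the quoted abstract describes: a verifier compares a PASSporT's JWT claims against the constraints carried in the signer's certificate, and any claim outside the boundaries rejects the whole PASSporT. The mustInclude and permittedValues checks follow RFC 8226; the must_exclude list, the claim names, and all payload values are constructed assumptions standing in for the kind of richer constraint the I-D proposes.

```python
"""RFC 8226-style JWT claim constraint check for a PASSporT (added example)."""
from dataclasses import dataclass, field


@dataclass
class ClaimConstraints:
    """Constraints from the signer's certificate.
    must_include / permitted_values follow RFC 8226; must_exclude is an
    assumed extra list (claims that must not appear), not taken from the mail.
    """
    must_include: list = field(default_factory=list)
    permitted_values: dict = field(default_factory=dict)  # claim -> allowed values
    must_exclude: list = field(default_factory=list)


def check_passport_claims(claims, constraints):
    """Return (accepted, reasons). A single violation rejects the whole
    PASSporT, which is the RFC 8226 behaviour the abstract describes."""
    reasons = []
    for name in constraints.must_include:
        if name not in claims:
            reasons.append(f"required claim '{name}' is missing")
    for name, allowed in constraints.permitted_values.items():
        # permittedValues only applies when the claim is actually present
        if name in claims and claims[name] not in allowed:
            reasons.append(f"claim '{name}' = {claims[name]!r} is not in {allowed}")
    for name in constraints.must_exclude:
        if name in claims:
            reasons.append(f"claim '{name}' is present but must be excluded")
    return (not reasons, reasons)


# Constructed sample constraints: attest must be A or B, origid is required,
# and (assumed enhancement) the rcd claim is forbidden.
SAMPLE_CONSTRAINTS = ClaimConstraints(
    must_include=["attest", "origid"],
    permitted_values={"attest": ["A", "B"]},
    must_exclude=["rcd"],
)
# Constructed PASSporT payloads (RFC 8225 claims), signature already verified.
GOOD_PASSPORT = {"attest": "A", "dest": {"tn": ["12155551213"]},
                 "iat": 1611596152, "orig": {"tn": "12155551212"},
                 "origid": "constructed-example-id"}
BAD_PASSPORT = {"attest": "C", "dest": {"tn": ["12155551213"]},
                "iat": 1611596152, "orig": {"tn": "12155551212"},
                "rcd": {"nam": "Example"}}

if __name__ == "__main__":
    for payload in (GOOD_PASSPORT, BAD_PASSPORT):
        print(check_passport_claims(payload, SAMPLE_CONSTRAINTS))
```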