[stir] draft-housley-stir-enhance-rfc8226-00
Russ Housley <housley@vigilsec.com> Thu, 21 January 2021 21:32 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21D133A0CE9 for <stir@ietfa.amsl.com>; Thu, 21 Jan 2021 13:32:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QDMoVl_2RWJa for <stir@ietfa.amsl.com>; Thu, 21 Jan 2021 13:32:32 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62BFE3A0C93 for <stir@ietf.org>; Thu, 21 Jan 2021 13:32:32 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 0A15A300BA5 for <stir@ietf.org>; Thu, 21 Jan 2021 16:32:30 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id TwYCM0wlyCsM for <stir@ietf.org>; Thu, 21 Jan 2021 16:32:28 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 5AD65300ADB for <stir@ietf.org>; Thu, 21 Jan 2021 16:32:28 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_BF136646-353A-4371-A58F-E91F15EBCB2A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Message-Id: <6515CC12-1A12-4524-9EB9-5C46D01855CF@vigilsec.com>
References: <161126455434.3362.14572023954174036871@ietfa.amsl.com>
To: IETF STIR Mail List <stir@ietf.org>
Date: Thu, 21 Jan 2021 16:32:29 -0500
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/_-78Dyfr5mKHYvd3Gsd-rjlZ3Bk>
Subject: [stir] draft-housley-stir-enhance-rfc8226-00
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2021 21:32:35 -0000
Please review and comment. Christ Wendt has found some use cases where the JWT Claims Constraints in RFC 8226 are not adequate. This I-D proposes an enhancement to make the constraints more rich. Russ > From: internet-drafts@ietf.org > Subject: New Version Notification for draft-housley-stir-enhance-rfc8226-00.txt > Date: January 21, 2021 at 4:29:14 PM EST > To: "Russ Housley" <housley@vigilsec.com> > > > A new version of I-D, draft-housley-stir-enhance-rfc8226-00.txt > has been successfully submitted by Russ Housley and posted to the > IETF repository. > > Name: draft-housley-stir-enhance-rfc8226 > Revision: 00 > Title: Enhanced JWT Claim Constraints for STIR Certificates > Document date: 2021-01-21 > Group: Individual Submission > Pages: 8 > URL: https://www.ietf.org/archive/id/draft-housley-stir-enhance-rfc8226-00.txt > Status: https://datatracker.ietf.org/doc/draft-housley-stir-enhance-rfc8226/ > Htmlized: https://datatracker.ietf.org/doc/html/draft-housley-stir-enhance-rfc8226 > Htmlized: https://tools.ietf.org/html/draft-housley-stir-enhance-rfc8226-00 > > > Abstract: > RFC 8226 provides a certificate extension to constrain the JWT claims > that can be included in the PASSporT as defined in RFC 8225. If the > signer includes a JWT claim outside the constraint boundaries, then > the recipient will reject the entire PASSporT. This document defines > additional ways that the JWT claims can be constrained. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > >
- [stir] draft-housley-stir-enhance-rfc8226-00 Russ Housley
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Peterson, Jon
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Chris Wendt
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Jack Rickard
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Chris Wendt
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Jack Rickard
- Re: [stir] draft-housley-stir-enhance-rfc8226-00 Sean Turner