Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
"Salz, Rich" <rsalz@akamai.com> Sat, 14 October 2023 11:41 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22756C151073 for <tls-reg-review@ietfa.amsl.com>; Sat, 14 Oct 2023 04:41:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7iQylQMrl9JX for <tls-reg-review@ietfa.amsl.com>; Sat, 14 Oct 2023 04:41:08 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF773C14CF1A for <tls-reg-review@ietf.org>; Sat, 14 Oct 2023 04:41:08 -0700 (PDT)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by m0050102.ppops.net-00190b01. (8.17.1.22/8.17.1.22) with ESMTP id 39E3mjWq023676; Sat, 14 Oct 2023 12:40:46 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:content-id:content-transfer-encoding:mime-version; s=jan2016.eng; bh=9zhicL84GhjeE2omkk/Eq74WDuECR9FEN+dD/hQqYv4=; b= AhfdLJzF1Mug/zwAs0PMzMcH5erhehaY9eFEtsTLufx5pkDKTowkzSjWOr0tAPme 424R1WfBoT5Jup7Cnvs6+DyKUh7cdehIaNwneL579BlxW8mUFc7Ec1Z10e1ofir2 62CXcbCnrMN3OWdpLLAlkUv8UOp+gJEv8JB3+9nH/B+jaFa0RFeSg+nJ7Jaiaddr /8rd85R4a+li/pUU/wfwNFzc8aOaHXWu3HGzNzx8sTJ1Ut76ErFzNG3dy/+RlUTg bBkgm36pOpMamHzrXq9eylSXS7TgPhUH7cNzKsdycMIwP5CSeErmOXxyXHDk+3N4 uWzPSsdE3ACM4JBsIuFZiw==
Received: from prod-mail-ppoint3 (a72-247-45-31.deploy.static.akamaitechnologies.com [72.247.45.31] (may be forged)) by m0050102.ppops.net-00190b01. (PPS) with ESMTPS id 3tqkdfapgc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Oct 2023 12:40:46 +0100 (BST)
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1]) by prod-mail-ppoint3.akamai.com (8.17.1.19/8.17.1.19) with ESMTP id 39E77poU021628; Sat, 14 Oct 2023 07:40:45 -0400
Received: from email.msg.corp.akamai.com ([172.27.50.201]) by prod-mail-ppoint3.akamai.com (PPS) with ESMTPS id 3tqpavrws7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Oct 2023 07:40:45 -0400
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com (172.27.50.203) by ustx2ex-dag4mb2.msg.corp.akamai.com (172.27.50.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.25; Sat, 14 Oct 2023 04:40:44 -0700
Received: from ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) by ustx2ex-dag4mb4.msg.corp.akamai.com ([172.27.50.203]) with mapi id 15.02.1258.025; Sat, 14 Oct 2023 04:40:44 -0700
From: "Salz, Rich" <rsalz@akamai.com>
To: "iana-prot-param-comment@iana.org" <iana-prot-param-comment@iana.org>
CC: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Thread-Topic: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
Thread-Index: AQHZ/TQ8+0zxT7/Oc0ukaNkzr2FMk7BG7qiAgAD6y4+AAXT3AA==
Date: Sat, 14 Oct 2023 11:40:44 +0000
Message-ID: <670877B2-8BA5-4CC1-965A-14A2D0D7DF4B@akamai.com>
References: <RT-Ticket-1283623@icann.org> <C92208EF-A6F2-4D42-A9AD-B796BB1519C8@akamai.com> <IA0PR11MB7955BAAECD9E2B36399B3AE9E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <IA0PR11MB7955A800D01289510C16FAC5E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <14ACDE31-8198-4D0D-8C6D-5567E2BAFE4E@akamai.com> <rt-5.0.3-1467554-1697132807-1341.1283623-9-0@icann.org> <4F68A6F0-BCC8-4490-A2BE-FCC90F85FF0E@gmail.com> <rt-5.0.3-1471150-1697135331-366.1283623-9-0@icann.org> <rt-5.0.3-83595-1697214336-194.1283623-9-0@icann.org>
In-Reply-To: <rt-5.0.3-83595-1697214336-194.1283623-9-0@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.77.23091703
x-originating-ip: [172.27.118.139]
Content-Type: text/plain; charset="utf-8"
Content-ID: <8FD091074C093B4C8949D45C89FE9747@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-10-13_12,2023-10-12_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 phishscore=0 mlxlogscore=999 mlxscore=0 spamscore=0 suspectscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000 definitions=main-2310140102
X-Proofpoint-ORIG-GUID: UnScKnD6y4fj_jbRZs1eqVbspo6uQiFF
X-Proofpoint-GUID: UnScKnD6y4fj_jbRZs1eqVbspo6uQiFF
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-10-13_12,2023-10-12_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 bulkscore=0 lowpriorityscore=0 spamscore=0 priorityscore=1501 suspectscore=0 malwarescore=0 phishscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2309180000 definitions=main-2310140103
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/81SFetZwDOu4UyaJDa_HqznxvAk>
Subject: Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Oct 2023 11:41:13 -0000
They said they did upload it. Maybe held for manual approval because of metadata issues? On 10/13/23, 12:25 PM, "tls-reg-review on behalf of Sabrina Tanamal via RT" <tls-reg-review-bounces@ietf.org <mailto:tls-reg-review-bounces@ietf.org> on behalf of iana-prot-param-comment@iana.org <mailto:iana-prot-param-comment@iana.org>> wrote: Hi Rich, Yoav, Nick, Sorry, I forgot to ask one more question. It appears the requester has yet to upload the document to the datatracker: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-stapleton-hybrid-x509-cks-tls/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBkgDWyEs$ <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-stapleton-hybrid-x509-cks-tls/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBkgDWyEs$> The .txt is available in staging at https://urldefense.com/v3/__https://www.ietf.org/staging/draft-stapleton-hybrid-x509-cks-tls-00.txt__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBm3_MRQk$ <https://urldefense.com/v3/__https://www.ietf.org/staging/draft-stapleton-hybrid-x509-cks-tls-00.txt__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBm3_MRQk$> , so I'm not sure what to point the reference to. Should we ask the requester to upload the draft to the datatracker? Thanks, Sabrina On Thu Oct 12 18:28:51 2023, ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com> wrote: > Yes, I can. I approve. > > Yoav > > > On 12 Oct 2023, at 20:46, Sabrina Tanamal via RT <iana-prot-param- > > comment@iana.org <mailto:comment@iana.org>> wrote: > > > > Hi Nick and Yoav, > > > > Could one of you approve this request? We have approval from Rich > > below. > > > > Registry: TLS ExtensionType Values > > (https://urldefense.com/v3/__https://www.iana.org/assignments/tls-extensiontype-values__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBt0Z7D7Y$ <https://urldefense.com/v3/__https://www.iana.org/assignments/tls-extensiontype-values__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBt0Z7D7Y$> ) > > > > Value: TBD (9146 suggested) > > Extension Name: Certificate Key Selection (CKS) > > TLS 1.3: CH, SH, CT > > DTLS-Only: N > > Recommended: N > > > > Thanks, > > Sabrina > > > > On Tue Oct 10 21:59:18 2023, rsalz@akamai.com <mailto:rsalz@akamai.com> wrote: > >> This is great, thanks for your draft. > >> > >> I approve this assignment, for the extension 0x9146 with the > >> semantics > >> described. It will require at least one of the other experts (Yoav > >> Nir or Nick Sullivan, also on this email alias) to approve. Adding > >> IANA to the list so they can track it. > >> > >> From: "Stapleton, Jeff" > >> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org <mailto:40wellsfargo.com@dmarc.ietf.org>> > >> Date: Tuesday, October 10, 2023 at 5:15 PM > >> To: Rich Salz <rsalz@akamai.com <mailto:rsalz@akamai.com>> > >> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com>>, "Rao, Abhijit" > >> <Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com>>, "Anthony Hu (anthony@wolfssl.com <mailto:anthony@wolfssl.com>)" > >> <anthony@wolfssl.com <mailto:anthony@wolfssl.com>>, David Hook <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>, "Steve > >> Stevens - X9 Executve Director (steve.stevens@x9.org <mailto:steve.stevens@x9.org>)" > >> <steve.stevens@x9.org <mailto:steve.stevens@x9.org>> > >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) > >> Extension Using X.509 Hybrid Certificates > >> > >> Rich, > >> I think I uploaded the .txt draft to the Datatracker. I saved my > >> Word > >> version as .txt and .xml formats but had issues getting thru the > >> idnits checking so after several attempts, here’s the link to my > >> upload. > >> > >> https://urldefense.com/v3/__https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBaiJ6HpQ$ <https://urldefense.com/v3/__https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBaiJ6HpQ$> <https://urldefense.com/v3/__https:/datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!QWheIA1pm- <https://urldefense.com/v3/__https:/datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!QWheIA1pm-> > >> lRjq14CVBwZJ5y6KQgvU3wseYwnTTerWBbr0wkaId8vDlZUddzG6x4qum9dyRmpvvJs5CzF9fXTblsJsdR$> > >> > >> BTW I also tried reading the .txt into Wordpad and Notepad and > >> resaving, but it didn’t seem to satisfy the idnits issues. > >> Jeff > >> > >> > >> From: Stapleton, Jeff > >> Sent: Tuesday, October 10, 2023 8:12 AM > >> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org <mailto:40akamai.com@dmarc.ietf.org>>; tls-reg- > >> review@ietf.org <mailto:review@ietf.org> > >> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com>>; Rao, Abhijit > >> <Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com>>; Anthony Hu (anthony@wolfssl.com <mailto:anthony@wolfssl.com>) > >> <anthony@wolfssl.com <mailto:anthony@wolfssl.com>>; David Hook <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>; Steve > >> Stevens - X9 Executve Director (steve.stevens@x9.org <mailto:steve.stevens@x9.org>) > >> <steve.stevens@x9.org <mailto:steve.stevens@x9.org>> > >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) > >> Extension Using X.509 Hybrid Certificates > >> > >> Rich, > >> Thanks for the quick reply. > >> > >> Regarding submission via datatracker, I’ve used its search function, > >> but never for submitting. RFC 8447 only mentioned the tls-reg- > >> review@ietf.org <mailto:review@ietf.org><mailto:tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>> mailing list. Happy > >> to > >> do so but what’s the link? – sorry, newbie question. > >> > >> Regarding the value “9146” sent a follow up email to Anthony Hu. > >> > >> Anything else at this time? Thanks! > >> Jeff > >> > >> > >> From: Salz, Rich > >> <rsalz=40akamai.com@dmarc.ietf.org <mailto:40akamai.com@dmarc.ietf.org><mailto:rsalz=40akamai.com@dmarc.ietf.org <mailto:40akamai.com@dmarc.ietf.org>>> > >> Sent: Monday, October 9, 2023 1:39 PM > >> To: Stapleton, Jeff > >> <Jeff.Stapleton@wellsfargo.com <mailto:Jeff.Stapleton@wellsfargo.com><mailto:Jeff.Stapleton@wellsfargo.com <mailto:Jeff.Stapleton@wellsfargo.com>>>; > >> tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org><mailto:tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>> > >> Cc: Bordow, Peter > >> <Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com><mailto:Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com>>>; > >> Rao, Abhijit > >> <Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com><mailto:Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com>>>; > >> Anthony Hu (anthony@wolfssl.com <mailto:anthony@wolfssl.com><mailto:anthony@wolfssl.com <mailto:anthony@wolfssl.com>>) > >> <anthony@wolfssl.com <mailto:anthony@wolfssl.com><mailto:anthony@wolfssl.com <mailto:anthony@wolfssl.com>>>; David Hook > >> <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com><mailto:David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>>; Steve > >> Stevens - X9 Executve Director > >> (steve.stevens@x9.org <mailto:steve.stevens@x9.org><mailto:steve.stevens@x9.org <mailto:steve.stevens@x9.org>>) > >> <steve.stevens@x9.org <mailto:steve.stevens@x9.org><mailto:steve.stevens@x9.org <mailto:steve.stevens@x9.org>>> > >> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) > >> Extension Using X.509 Hybrid Certificates > >> > >> Are you planning on submitting that draft via the datatracker? > >> > >> Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal > >> 37190)? Either would be fine, as both are within unassigned ranges: > >> 6683-10793 > >> > >> Unassigned > >> > >> 35467-39577 > >> > >> Unassigned > >> > >> > >> > >> From: tls-reg-review <tls-reg-review-bounces@ietf.org <mailto:tls-reg-review-bounces@ietf.org><mailto:tls- > >> reg- > >> review-bounces@ietf.org <mailto:review-bounces@ietf.org>>> on behalf of "Stapleton, Jeff" > >> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org <mailto:40wellsfargo.com@dmarc.ietf.org><mailto:Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org <mailto:40wellsfargo.com@dmarc.ietf.org>>> > >> Date: Monday, October 9, 2023 at 10:26 AM > >> To: "tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org><mailto:tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>>" <tls- > >> reg-review@ietf.org <mailto:reg-review@ietf.org><mailto:tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org>>> > >> Cc: "Bordow, Peter" > >> <Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com><mailto:Peter.Bordow@wellsfargo.com <mailto:Peter.Bordow@wellsfargo.com>>>, > >> "Rao, Abhijit" > >> <Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com><mailto:Abhijit.Rao@wellsfargo.com <mailto:Abhijit.Rao@wellsfargo.com>>>, > >> "Anthony Hu (anthony@wolfssl.com <mailto:anthony@wolfssl.com><mailto:anthony@wolfssl.com <mailto:anthony@wolfssl.com>>)" > >> <anthony@wolfssl.com <mailto:anthony@wolfssl.com><mailto:anthony@wolfssl.com <mailto:anthony@wolfssl.com>>>, David Hook > >> <David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com><mailto:David.Hook@keyfactor.com <mailto:David.Hook@keyfactor.com>>>, "Steve > >> Stevens - X9 Executve Director > >> (steve.stevens@x9.org <mailto:steve.stevens@x9.org><mailto:steve.stevens@x9.org <mailto:steve.stevens@x9.org>>)" > >> <steve.stevens@x9.org <mailto:steve.stevens@x9.org><mailto:steve.stevens@x9.org <mailto:steve.stevens@x9.org>>> > >> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS) > >> Extension Using X.509 Hybrid Certificates > >> > >> Attached for consideration is draft-stapleton-hybrid-x509-cks-tls- > >> 01.docx TLS Certificate Key Selection (CKS) Extension Using X.509 > >> Hybrid Certificates. This document describes a Transport Layer > >> Security (TLS) extension Certificate Key Selection (CKS) using > >> hybrid > >> X.509 certificates. The CKS allows TLS servers to negotiate with TLS > >> clients for selecting the usage order of the native public key and > >> certificate signature, the alternate public key and certificate > >> signature, or both. The CKS options enable forwards or backwards > >> interoperability when migrating services for large organizations > >> during one or more cryptographic transitions. > >> > >> The goal of this document is to introduce CKS based on the draft > >> X9.146 standard and register the TLS extension “9146” for further > >> development. > >> > >> ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) – > >> Certificate Key Selection (CKS) for Transport Layer Security (TLS). > >> This standard specifies a Transport Layer Security (TLS) protocol > >> extension for certificate public key selection in certificates that > >> possess more than one public key. The extension schema and its > >> processing requirements are defined for both client and server > >> participants in a TLS handshake. The current work focuses on hybrid > >> (dual-key) certificates but its scope will include composite and > >> chameleon certificates. > >> > >> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If > >> successful, this ANSI standard will be submitted to TC68 for ISO > >> standardization, which per ISO rules will also be copyrighted. See > >> links. > >> > >> · ASC X9 > >> https://urldefense.com/v3/__https://x9.org/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB24pK3oE$ <https://urldefense.com/v3/__https://x9.org/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB24pK3oE$> <https://urldefense.com/v3/__https:/x9.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- <https://urldefense.com/v3/__https:/x9.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-> > >> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEN7kd7d$> > >> > >> · ANSI > >> https://urldefense.com/v3/__https://www.ansi.org/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB6O7jRGc$ <https://urldefense.com/v3/__https://www.ansi.org/__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB6O7jRGc$> <https://urldefense.com/v3/__https:/www.ansi.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- <https://urldefense.com/v3/__https:/www.ansi.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-> > >> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aCmzdgxP$> > >> > >> · ISO > >> https://urldefense.com/v3/__https://www.iso.org/home.html__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBIZnHvT8$ <https://urldefense.com/v3/__https://www.iso.org/home.html__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBIZnHvT8$> <https://urldefense.com/v3/__https:/www.iso.org/home.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- <https://urldefense.com/v3/__https:/www.iso.org/home.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-> > >> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEVvlpTF$> > >> > >> · ISO TC68 > >> https://urldefense.com/v3/__https://www.iso.org/committee/49650.html__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB2KQplvM$ <https://urldefense.com/v3/__https://www.iso.org/committee/49650.html__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWB2KQplvM$> <https://urldefense.com/v3/__https:/www.iso.org/committee/49650.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- <https://urldefense.com/v3/__https:/www.iso.org/committee/49650.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-> > >> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aIzBvY2t$> > >> > >> Thank you for your consideration. > >> > >> Jeff Stapleton > >> Wells Fargo > >> Enterprise Post Quantum Cryptography (PQC) Strategy > >> Senior Lead Cyber Security Research Consultant > >> Mobile 817-682-1318 > >> > > > > _______________________________________________ > > tls-reg-review mailing list > > tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org> > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBcs2Sjm4$ <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBcs2Sjm4$> _______________________________________________ tls-reg-review mailing list tls-reg-review@ietf.org <mailto:tls-reg-review@ietf.org> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBcs2Sjm4$ <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/tls-reg-review__;!!GjvTz_vk!SNLAQRbOyZUAfrPJGhOJQlob6MukiYLfbqPybpSdXFJb5QHRCXIvp6cVkKRf9deIfUE-cKfg1a7o7rWBcs2Sjm4$>
- [Tls-reg-review] TLS Certificate Key Selection (C… Stapleton, Jeff
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Salz, Rich
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Stapleton, Jeff
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Salz, Rich
- [Tls-reg-review] [IANA #1283623] Re: TLS Certific… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Yoav Nir
- [Tls-reg-review] [IANA #1283623] Re: TLS Certific… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Salz, Rich
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Salz, Rich