Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)

"Salz, Rich" <rsalz@akamai.com> Sat, 14 October 2023 11:41 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "iana-prot-param-comment@iana.org" <iana-prot-param-comment@iana.org>
CC: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Date: Sat, 14 Oct 2023 11:40:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/81SFetZwDOu4UyaJDa_HqznxvAk>

They said they did upload it.  Maybe held for manual approval because of metadata issues?

On 10/13/23, 12:25 PM, "tls-reg-review on behalf of Sabrina Tanamal via RT" <tls-reg-review-bounces@ietf.org on behalf of iana-prot-param-comment@iana.org> wrote:


Hi Rich, Yoav, Nick,


Sorry, I forgot to ask one more question. It appears the requester has yet to upload the document to the datatracker:

https://datatracker.ietf.org/doc/draft-stapleton-hybrid-x509-cks-tls/

The .txt is available in staging at https://www.ietf.org/staging/draft-stapleton-hybrid-x509-cks-tls-00.txt, so I'm not sure what to point the reference to. Should we ask the requester to upload the draft to the datatracker?


Thanks,
Sabrina


On Thu Oct 12 18:28:51 2023, ynir.ietf@gmail.com wrote:
> Yes, I can. I approve.
> 
> Yoav
> 
> > On 12 Oct 2023, at 20:46, Sabrina Tanamal via RT
> > <iana-prot-param-comment@iana.org> wrote:
> >
> > Hi Nick and Yoav,
> >
> > Could one of you approve this request? We have approval from Rich
> > below.
> >
> > Registry: TLS ExtensionType Values
> > (https://www.iana.org/assignments/tls-extensiontype-values)
> >
> > Value: TBD (9146 suggested)
> > Extension Name: Certificate Key Selection (CKS)
> > TLS 1.3: CH, SH, CT
> > DTLS-Only: N
> > Recommended: N
> >
> > Thanks,
> > Sabrina
> >
> > On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote:
> >> This is great, thanks for your draft.
> >>
> >> I approve this assignment, for the extension 0x9146 with the
> >> semantics
> >> described. It will require at least one of the other experts (Yoav
> >> Nir or Nick Sullivan, also on this email alias) to approve. Adding
> >> IANA to the list so they can track it.
> >>
> >> From: "Stapleton, Jeff"
> >> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
> >> Date: Tuesday, October 10, 2023 at 5:15 PM
> >> To: Rich Salz <rsalz@akamai.com>
> >> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit"
> >> <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)"
> >> <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)"
> >> <steve.stevens@x9.org>
> >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Rich,
> >> I think I uploaded the .txt draft to the Datatracker. I saved my
> >> Word
> >> version as .txt and .xml formats but had issues getting thru the
> >> idnits checking so after several attempts, here’s the link to my
> >> upload.
> >>
> >> https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/
> >>
> >> BTW I also tried reading the .txt into Wordpad and Notepad and
> >> resaving, but it didn’t seem to satisfy the idnits issues.
> >> Jeff
> >>
> >>
> >> From: Stapleton, Jeff
> >> Sent: Tuesday, October 10, 2023 8:12 AM
> >> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>;
> >> tls-reg-review@ietf.org
> >> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit
> >> <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com)
> >> <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)
> >> <steve.stevens@x9.org>
> >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Rich,
> >> Thanks for the quick reply.
> >>
> >> Regarding submission via datatracker, I’ve used its search function,
> >> but never for submitting. RFC 8447 only mentioned the
> >> tls-reg-review@ietf.org mailing list. Happy
> >> to
> >> do so but what’s the link? – sorry, newbie question.
> >>
> >> Regarding the value “9146” sent a follow up email to Anthony Hu.
> >>
> >> Anything else at this time? Thanks!
> >> Jeff
> >>
> >>
> >> From: Salz, Rich
> >> <rsalz=40akamai.com@dmarc.ietf.org>
> >> Sent: Monday, October 9, 2023 1:39 PM
> >> To: Stapleton, Jeff
> >> <Jeff.Stapleton@wellsfargo.com>;
> >> tls-reg-review@ietf.org
> >> Cc: Bordow, Peter
> >> <Peter.Bordow@wellsfargo.com>;
> >> Rao, Abhijit
> >> <Abhijit.Rao@wellsfargo.com>;
> >> Anthony Hu (anthony@wolfssl.com)
> >> <anthony@wolfssl.com>; David Hook
> >> <David.Hook@keyfactor.com>; Steve
> >> Stevens - X9 Executve Director
> >> (steve.stevens@x9.org)
> >> <steve.stevens@x9.org>
> >> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Are you planning on submitting that draft via the datatracker?
> >>
> >> Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal
> >> 37190)? Either would be fine, as both are within unassigned ranges:
> >> 6683-10793     Unassigned
> >> 35467-39577    Unassigned
> >>
> >>
> >> From: tls-reg-review <tls-reg-review-bounces@ietf.org> on behalf of
> >> "Stapleton, Jeff"
> >> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
> >> Date: Monday, October 9, 2023 at 10:26 AM
> >> To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
> >> Cc: "Bordow, Peter"
> >> <Peter.Bordow@wellsfargo.com>,
> >> "Rao, Abhijit"
> >> <Abhijit.Rao@wellsfargo.com>,
> >> "Anthony Hu (anthony@wolfssl.com)"
> >> <anthony@wolfssl.com>, David Hook
> >> <David.Hook@keyfactor.com>, "Steve
> >> Stevens - X9 Executve Director
> >> (steve.stevens@x9.org)"
> >> <steve.stevens@x9.org>
> >> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-01.docx
> >> TLS Certificate Key Selection (CKS) Extension Using X.509
> >> Hybrid Certificates. This document describes a Transport Layer
> >> Security (TLS) extension Certificate Key Selection (CKS) using
> >> hybrid
> >> X.509 certificates. The CKS allows TLS servers to negotiate with TLS
> >> clients for selecting the usage order of the native public key and
> >> certificate signature, the alternate public key and certificate
> >> signature, or both. The CKS options enable forwards or backwards
> >> interoperability when migrating services for large organizations
> >> during one or more cryptographic transitions.
> >>
> >> The goal of this document is to introduce CKS based on the draft
> >> X9.146 standard and register the TLS extension “9146” for further
> >> development.
> >>
> >> ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) –
> >> Certificate Key Selection (CKS) for Transport Layer Security (TLS).
> >> This standard specifies a Transport Layer Security (TLS) protocol
> >> extension for certificate public key selection in certificates that
> >> possess more than one public key. The extension schema and its
> >> processing requirements are defined for both client and server
> >> participants in a TLS handshake. The current work focuses on hybrid
> >> (dual-key) certificates but its scope will include composite and
> >> chameleon certificates.
> >>
> >> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If
> >> successful, this ANSI standard will be submitted to TC68 for ISO
> >> standardization, which per ISO rules will also be copyrighted. See
> >> links.
> >>
> >> · ASC X9
> >> https://x9.org/
> >>
> >> · ANSI
> >> https://www.ansi.org/
> >>
> >> · ISO
> >> https://www.iso.org/home.html
> >>
> >> · ISO TC68
> >> https://www.iso.org/committee/49650.html
> >>
> >> Thank you for your consideration.
> >>
> >> Jeff Stapleton
> >> Wells Fargo
> >> Enterprise Post Quantum Cryptography (PQC) Strategy
> >> Senior Lead Cyber Security Research Consultant
> >> Mobile 817-682-1318
> >>
> >
> > _______________________________________________
> > tls-reg-review mailing list
> > tls-reg-review@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls-reg-review

