Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

"Salz, Rich" <rsalz@akamai.com> Tue, 10 October 2023 15:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/Jx5LPcVbvDbsWPeM_6alzh2Dskc>

You need to create a free account on datatracker.ietf.org. From there, you log in and can click on Documents->I-D submission. For this case, it might be easiest to open MSWord and “save as text”. Clean it up a little and then “submit other formats”.

The goal is to just get something submitted into the IETF. Even if it expires, that is okay. I assume you’ve dealt with the copyright concerns from the other SDOs.

If you want to actually work on this draft, get feedback, etc., then Hoo boy. Start with https://authors.ietf.org; it has various tips and hints.

Hope this helps.

From: "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
Date: Tuesday, October 10, 2023 at 9:12 AM
To: Rich Salz <rsalz@akamai.com>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executive Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

Rich,
Thanks for the quick reply.

Regarding submission via datatracker, I’ve used its search function, but never for submitting. RFC 8447 only mentioned the tls-reg-review@ietf.org mailing list. Happy to do so, but what’s the link? – sorry, newbie question.

Regarding the value “9146”, I sent a follow-up email to Anthony Hu.

Anything else at this time?  Thanks!
Jeff


From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Sent: Monday, October 9, 2023 1:39 PM
To: Stapleton, Jeff <Jeff.Stapleton@wellsfargo.com>; tls-reg-review@ietf.org
Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com) <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve Stevens - X9 Executive Director (steve.stevens@x9.org) <steve.stevens@x9.org>
Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

Are you planning on submitting that draft via the datatracker?

Are you requesting 9146 (decimal, or 0x23ba) or 0x9146 (hex, decimal 37190)? Either would be fine, as both are within unassigned ranges:

6683-10793: Unassigned

35467-39577: Unassigned
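The decimal-versus-hex question above matters on the wire, because a TLS ExtensionType is a two-byte big-endian field and an implementation only recognises the numeric value that is actually registered. The following added example (not code from the thread, the X9.146 draft, or any of the implementers named) encodes and parses a TLS extensions vector for both readings of "9146" and checks each against the unassigned ranges quoted in the message; the CKS extension_data format is not given on this page, so an empty placeholder payload is used.

```python
import struct

# Unassigned TLS ExtensionType ranges quoted in the thread (IANA, Oct 2023).
UNASSIGNED_RANGES = [(6683, 10793), (35467, 39577)]


def candidate_codepoints(token: str) -> dict:
    """Both readings of a requested codepoint string: decimal and hex."""
    return {"decimal": int(token, 10), "hex": int(token, 16)}


def is_unassigned(codepoint: int) -> bool:
    """True if the codepoint lies in one of the quoted unassigned ranges."""
    return any(lo <= codepoint <= hi for lo, hi in UNASSIGNED_RANGES)


def encode_extension(ext_type: int, data: bytes) -> bytes:
    """One TLS Extension: uint16 extension_type, opaque extension_data<0..2^16-1>."""
    if not 0 <= ext_type <= 0xFFFF or len(data) > 0xFFFF:
        raise ValueError("extension type or data out of range")
    return struct.pack("!HH", ext_type, len(data)) + data


def encode_extensions(exts) -> bytes:
    """Extension extensions<0..2^16-1>: a uint16 length prefix, then the extensions."""
    body = b"".join(encode_extension(t, d) for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf: bytes) -> list:
    """Parse an extensions vector strictly: reject truncation and trailing bytes."""
    if len(buf) < 2:
        raise ValueError("missing extensions length")
    (total,) = struct.unpack("!H", buf[:2])
    if total != len(buf) - 2:
        raise ValueError("extensions length does not match buffer")
    out, off = [], 2
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        if off + ext_len > len(buf):
            raise ValueError("truncated extension data")
        out.append((ext_type, buf[off:off + ext_len]))
        off += ext_len
    return out


def find_extension(buf: bytes, ext_type: int):
    """Return the extension_data for ext_type, or None if the peer did not send it."""
    return next((d for t, d in parse_extensions(buf) if t == ext_type), None)
```

Run with `candidate_codepoints("9146")` to see that the decimal reading serialises as `23 ba` while the hex reading serialises as `91 46`; a peer matching the wrong one will never find the extension.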



From: tls-reg-review <tls-reg-review-bounces@ietf.org> on behalf of "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
Date: Monday, October 9, 2023 at 10:26 AM
To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executive Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-01.docx TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates. This document describes a Transport Layer Security (TLS) extension Certificate Key Selection (CKS) using hybrid X.509 certificates. The CKS allows TLS servers to negotiate with TLS clients for selecting the usage order of the native public key and certificate signature, the alternate public key and certificate signature, or both. The CKS options enable forwards or backwards interoperability when migrating services for large organizations during one or more cryptographic transitions.

The goal of this document is to introduce CKS based on the draft X9.146 standard and register the TLS extension “9146” for further development.

ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) – Certificate Key Selection (CKS) for Transport Layer Security (TLS). This standard specifies a Transport Layer Security (TLS) protocol extension for certificate public key selection in certificates that possess more than one public key. The extension schema and its processing requirements are defined for both client and server participants in a TLS handshake. The current work focuses on hybrid (dual-key) certificates, but its scope will include composite and chameleon certificates.

Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If successful, this ANSI standard will be submitted to TC68 for ISO standardization, which per ISO rules will also be copyrighted. See links.

· ASC X9 https://x9.org/

· ANSI https://www.ansi.org/

· ISO https://www.iso.org/home.html

· ISO TC68 https://www.iso.org/committee/49650.html

Thank you for your consideration.

Jeff Stapleton
Wells Fargo
Enterprise Post Quantum Cryptography (PQC) Strategy
Senior Lead Cyber Security Research Consultant
Mobile 817-682-1318