[Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)

[Sabrina Tanamal via RT <iana-prot-param-comment@iana.org>]

Hi Nick and Yoav, 

Could one of you approve this request? We have approval from Rich below. 

Registry: TLS ExtensionType Values (https://www.iana.org/assignments/tls-extensiontype-values)

Value: TBD (9146 suggested)
Extension Name: Certificate Key Selection (CKS)
TLS 1.3: CH, SH, CT
DTLS-Only: N
Recommended: N

Thanks,
Sabrina

On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote:
> This is great, thanks for your draft.
> 
> I approve this assignment, for the extension 0x9146 with the semantics
> described.  It will require at least one of the other experts (Yoav
> Nir or Nick Sullivan, also on this email alias) to approve.  Adding
> IANA to the list so they can track it.
> 
> From: "Stapleton, Jeff"
> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
> Date: Tuesday, October 10, 2023 at 5:15 PM
> To: Rich Salz <rsalz@akamai.com>
> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit"
> <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)"
> <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve
> Stevens - X9 Executve Director (steve.stevens@x9.org)"
> <steve.stevens@x9.org>
> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> Extension Using X.509 Hybrid Certificates
> 
> Rich,
> I think I uploaded the .txt draft to the Datatracker.  I saved my Word
> version as .txt and .xml formats but had issues getting thru the
> idnits checking so after several attempts, here’s the link to my
> upload.
> 
> https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/<https://urldefense.com/v3/__https:/datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!QWheIA1pm-
> lRjq14CVBwZJ5y6KQgvU3wseYwnTTerWBbr0wkaId8vDlZUddzG6x4qum9dyRmpvvJs5CzF9fXTblsJsdR$>
> 
> BTW I also tried reading the .txt into Wordpad and Notepad and
> resaving, but it didn’t seem to satisfy the idnits issues.
> Jeff
> 
> 
> From: Stapleton, Jeff
> Sent: Tuesday, October 10, 2023 8:12 AM
> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>; tls-reg-
> review@ietf.org
> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit
> <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com)
> <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve
> Stevens - X9 Executve Director (steve.stevens@x9.org)
> <steve.stevens@x9.org>
> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> Extension Using X.509 Hybrid Certificates
> 
> Rich,
> Thanks for the quick reply.
> 
> Regarding submission via datatracker, I’ve used its search function,
> but never for submitting. RFC 8447 only mentioned the tls-reg-
> review@ietf.org<mailto:tls-reg-review@ietf.org> mailing list. Happy to
> do so but what’s the link? – sorry, newbie question.
> 
> Regarding the value “9146” sent a follow up email to Anthony Hu.
> 
> Anything else at this time?  Thanks!
> Jeff
> 
> 
> From: Salz, Rich
> <rsalz=40akamai.com@dmarc.ietf.org<mailto:rsalz=40akamai.com@dmarc.ietf.org>>
> Sent: Monday, October 9, 2023 1:39 PM
> To: Stapleton, Jeff
> <Jeff.Stapleton@wellsfargo.com<mailto:Jeff.Stapleton@wellsfargo.com>>;
> tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>
> Cc: Bordow, Peter
> <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>;
> Rao, Abhijit
> <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>;
> Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>)
> <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>; David Hook
> <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>; Steve
> Stevens - X9 Executve Director
> (steve.stevens@x9.org<mailto:steve.stevens@x9.org>)
> <steve.stevens@x9.org<mailto:steve.stevens@x9.org>>
> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> Extension Using X.509 Hybrid Certificates
> 
> Are you planning on submitting that draft via the datatracker?
> 
> Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal
> 37190)? Either would be fine, as both are within unassigned ranges:
> 6683-10793
> 
> Unassigned
> 
> 35467-39577
> 
> Unassigned
> 
> 
> 
> From: tls-reg-review <tls-reg-review-bounces@ietf.org<mailto:tls-reg-
> review-bounces@ietf.org>> on behalf of "Stapleton, Jeff"
> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org<mailto:Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>>
> Date: Monday, October 9, 2023 at 10:26 AM
> To: "tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>" <tls-
> reg-review@ietf.org<mailto:tls-reg-review@ietf.org>>
> Cc: "Bordow, Peter"
> <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>,
> "Rao, Abhijit"
> <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>,
> "Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>)"
> <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>, David Hook
> <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>, "Steve
> Stevens - X9 Executve Director
> (steve.stevens@x9.org<mailto:steve.stevens@x9.org>)"
> <steve.stevens@x9.org<mailto:steve.stevens@x9.org>>
> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> Extension Using X.509 Hybrid Certificates
> 
> Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-
> 01.docx TLS Certificate Key Selection (CKS) Extension Using X.509
> Hybrid Certificates. This document describes a Transport Layer
> Security (TLS) extension Certificate Key Selection (CKS) using hybrid
> X.509 certificates. The CKS allows TLS servers to negotiate with TLS
> clients for selecting the usage order of the native public key and
> certificate signature, the alternate public key and certificate
> signature, or both. The CKS options enable forwards or backwards
> interoperability when migrating services for large organizations
> during one or more cryptographic transitions.
> 
> The goal of this document is to introduce CKS based on the draft
> X9.146 standard and register the TLS extension “9146” for further
> development.
> 
> ANSI X9.146–20231002  DRAFT Public Key Infrastructure (PKI) –
> Certificate Key Selection (CKS)  for Transport Layer Security (TLS).
> This standard specifies a Transport Layer Security (TLS) protocol
> extension for certificate public key selection in certificates that
> possess more than one public key. The extension schema and its
> processing requirements are defined for both client and server
> participants in a TLS handshake. The current work focuses on hybrid
> (dual-key) certificates but its scope will include composite and
> chameleon certificates.
> 
> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If
> successful, this ANSI standard will be submitted to TC68 for ISO
> standardization, which per ISO rules will also be copyrighted. See
> links.
> 
> ·         ASC X9
> https://x9.org/<https://urldefense.com/v3/__https:/x9.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEN7kd7d$>
> 
> ·         ANSI
> https://www.ansi.org/<https://urldefense.com/v3/__https:/www.ansi.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aCmzdgxP$>
> 
> ·         ISO
> https://www.iso.org/home.html<https://urldefense.com/v3/__https:/www.iso.org/home.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEVvlpTF$>
> 
> ·         ISO TC68
> https://www.iso.org/committee/49650.html<https://urldefense.com/v3/__https:/www.iso.org/committee/49650.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aIzBvY2t$>
> 
> Thank you for your consideration.
> 
> Jeff Stapleton
> Wells Fargo
> Enterprise Post Quantum Cryptography (PQC) Strategy
> Senior Lead Cyber Security Research Consultant
> Mobile 817-682-1318
>