[Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
Sabrina Tanamal via RT <iana-prot-param-comment@iana.org> Thu, 12 October 2023 17:46 UTC
Return-Path: <iana-shared@icann.org>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6DDAC1516F8 for <tls-reg-review@ietfa.amsl.com>; Thu, 12 Oct 2023 10:46:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.635
X-Spam-Level:
X-Spam-Status: No, score=-5.635 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MISSING_HEADERS=1.021, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IcXRYAJqOp1b for <tls-reg-review@ietfa.amsl.com>; Thu, 12 Oct 2023 10:46:48 -0700 (PDT)
Received: from smtp.lax.icann.org (smtp.lax.icann.org [192.0.33.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B180AC14F75F for <tls-reg-review@ietf.org>; Thu, 12 Oct 2023 10:46:48 -0700 (PDT)
Received: from request6.lax.icann.org (request1.lax.icann.org [10.32.11.221]) by smtp.lax.icann.org (Postfix) with ESMTP id AAFD0E01F0 for <tls-reg-review@ietf.org>; Thu, 12 Oct 2023 17:46:47 +0000 (UTC)
Received: by request6.lax.icann.org (Postfix, from userid 48) id A94E4140F5B; Thu, 12 Oct 2023 17:46:47 +0000 (UTC)
RT-Owner: sabrina.tanamal
From: Sabrina Tanamal via RT <iana-prot-param-comment@iana.org>
Reply-To: iana-prot-param-comment@iana.org
In-Reply-To: <14ACDE31-8198-4D0D-8C6D-5567E2BAFE4E@akamai.com>
References: <RT-Ticket-1283623@icann.org> <C92208EF-A6F2-4D42-A9AD-B796BB1519C8@akamai.com> <IA0PR11MB7955BAAECD9E2B36399B3AE9E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <IA0PR11MB7955A800D01289510C16FAC5E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <14ACDE31-8198-4D0D-8C6D-5567E2BAFE4E@akamai.com>
Message-ID: <rt-5.0.3-1467554-1697132807-1341.1283623-9-0@icann.org>
X-RT-Loop-Prevention: IANA
X-RT-Ticket: IANA #1283623
X-Managed-BY: RT 5.0.3 (http://www.bestpractical.com/rt/)
X-RT-Originator: sabrina.tanamal@icann.org
CC: tls-reg-review@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Precedence: bulk
Date: Thu, 12 Oct 2023 17:46:47 +0000
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/OVS9g5uFBxnbxjbH0z2yoiR4W9o>
Subject: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.39
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2023 17:46:53 -0000
Hi Nick and Yoav, Could one of you approve this request? We have approval from Rich below. Registry: TLS ExtensionType Values (https://www.iana.org/assignments/tls-extensiontype-values) Value: TBD (9146 suggested) Extension Name: Certificate Key Selection (CKS) TLS 1.3: CH, SH, CT DTLS-Only: N Recommended: N Thanks, Sabrina On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote: > This is great, thanks for your draft. > > I approve this assignment, for the extension 0x9146 with the semantics > described. It will require at least one of the other experts (Yoav > Nir or Nick Sullivan, also on this email alias) to approve. Adding > IANA to the list so they can track it. > > From: "Stapleton, Jeff" > <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org> > Date: Tuesday, October 10, 2023 at 5:15 PM > To: Rich Salz <rsalz@akamai.com> > Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" > <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" > <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve > Stevens - X9 Executve Director (steve.stevens@x9.org)" > <steve.stevens@x9.org> > Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) > Extension Using X.509 Hybrid Certificates > > Rich, > I think I uploaded the .txt draft to the Datatracker. I saved my Word > version as .txt and .xml formats but had issues getting thru the > idnits checking so after several attempts, here’s the link to my > upload. > > https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/<https://urldefense.com/v3/__https:/datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!QWheIA1pm- > lRjq14CVBwZJ5y6KQgvU3wseYwnTTerWBbr0wkaId8vDlZUddzG6x4qum9dyRmpvvJs5CzF9fXTblsJsdR$> > > BTW I also tried reading the .txt into Wordpad and Notepad and > resaving, but it didn’t seem to satisfy the idnits issues. > Jeff > > > From: Stapleton, Jeff > Sent: Tuesday, October 10, 2023 8:12 AM > To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>; tls-reg- > review@ietf.org > Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit > <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com) > <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve > Stevens - X9 Executve Director (steve.stevens@x9.org) > <steve.stevens@x9.org> > Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) > Extension Using X.509 Hybrid Certificates > > Rich, > Thanks for the quick reply. > > Regarding submission via datatracker, I’ve used its search function, > but never for submitting. RFC 8447 only mentioned the tls-reg- > review@ietf.org<mailto:tls-reg-review@ietf.org> mailing list. Happy to > do so but what’s the link? – sorry, newbie question. > > Regarding the value “9146” sent a follow up email to Anthony Hu. > > Anything else at this time? Thanks! > Jeff > > > From: Salz, Rich > <rsalz=40akamai.com@dmarc.ietf.org<mailto:rsalz=40akamai.com@dmarc.ietf.org>> > Sent: Monday, October 9, 2023 1:39 PM > To: Stapleton, Jeff > <Jeff.Stapleton@wellsfargo.com<mailto:Jeff.Stapleton@wellsfargo.com>>; > tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org> > Cc: Bordow, Peter > <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>; > Rao, Abhijit > <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>; > Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>) > <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>; David Hook > <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>; Steve > Stevens - X9 Executve Director > (steve.stevens@x9.org<mailto:steve.stevens@x9.org>) > <steve.stevens@x9.org<mailto:steve.stevens@x9.org>> > Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) > Extension Using X.509 Hybrid Certificates > > Are you planning on submitting that draft via the datatracker? > > Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal > 37190)? Either would be fine, as both are within unassigned ranges: > 6683-10793 > > Unassigned > > 35467-39577 > > Unassigned > > > > From: tls-reg-review <tls-reg-review-bounces@ietf.org<mailto:tls-reg- > review-bounces@ietf.org>> on behalf of "Stapleton, Jeff" > <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org<mailto:Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>> > Date: Monday, October 9, 2023 at 10:26 AM > To: "tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>" <tls- > reg-review@ietf.org<mailto:tls-reg-review@ietf.org>> > Cc: "Bordow, Peter" > <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>, > "Rao, Abhijit" > <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>, > "Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>)" > <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>, David Hook > <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>, "Steve > Stevens - X9 Executve Director > (steve.stevens@x9.org<mailto:steve.stevens@x9.org>)" > <steve.stevens@x9.org<mailto:steve.stevens@x9.org>> > Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS) > Extension Using X.509 Hybrid Certificates > > Attached for consideration is draft-stapleton-hybrid-x509-cks-tls- > 01.docx TLS Certificate Key Selection (CKS) Extension Using X.509 > Hybrid Certificates. This document describes a Transport Layer > Security (TLS) extension Certificate Key Selection (CKS) using hybrid > X.509 certificates. The CKS allows TLS servers to negotiate with TLS > clients for selecting the usage order of the native public key and > certificate signature, the alternate public key and certificate > signature, or both. The CKS options enable forwards or backwards > interoperability when migrating services for large organizations > during one or more cryptographic transitions. > > The goal of this document is to introduce CKS based on the draft > X9.146 standard and register the TLS extension “9146” for further > development. > > ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) – > Certificate Key Selection (CKS) for Transport Layer Security (TLS). > This standard specifies a Transport Layer Security (TLS) protocol > extension for certificate public key selection in certificates that > possess more than one public key. The extension schema and its > processing requirements are defined for both client and server > participants in a TLS handshake. The current work focuses on hybrid > (dual-key) certificates but its scope will include composite and > chameleon certificates. > > Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If > successful, this ANSI standard will be submitted to TC68 for ISO > standardization, which per ISO rules will also be copyrighted. See > links. > > · ASC X9 > https://x9.org/<https://urldefense.com/v3/__https:/x9.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- > ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEN7kd7d$> > > · ANSI > https://www.ansi.org/<https://urldefense.com/v3/__https:/www.ansi.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- > ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aCmzdgxP$> > > · ISO > https://www.iso.org/home.html<https://urldefense.com/v3/__https:/www.iso.org/home.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- > ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEVvlpTF$> > > · ISO TC68 > https://www.iso.org/committee/49650.html<https://urldefense.com/v3/__https:/www.iso.org/committee/49650.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd- > ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aIzBvY2t$> > > Thank you for your consideration. > > Jeff Stapleton > Wells Fargo > Enterprise Post Quantum Cryptography (PQC) Strategy > Senior Lead Cyber Security Research Consultant > Mobile 817-682-1318 >
- [Tls-reg-review] TLS Certificate Key Selection (C… Stapleton, Jeff
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Salz, Rich
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Stapleton, Jeff
- Re: [Tls-reg-review] TLS Certificate Key Selectio… Salz, Rich
- [Tls-reg-review] [IANA #1283623] Re: TLS Certific… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Yoav Nir
- [Tls-reg-review] [IANA #1283623] Re: TLS Certific… Sabrina Tanamal via RT
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Salz, Rich
- Re: [Tls-reg-review] [IANA #1283623] Re: TLS Cert… Salz, Rich