Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
Yoav Nir <ynir.ietf@gmail.com> Thu, 12 October 2023 18:28 UTC
From: Yoav Nir <ynir.ietf@gmail.com>
Date: Thu, 12 Oct 2023 21:28:13 +0300
Cc: TLS DEs <tls-reg-review@ietf.org>
To: iana-prot-param-comment@iana.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/Z6E9JVoALYATSXUB2Yj6n41rDhA>

Yes, I can. I approve.

Yoav

> On 12 Oct 2023, at 20:46, Sabrina Tanamal via RT <iana-prot-param-comment@iana.org> wrote:
>
> Hi Nick and Yoav,
>
> Could one of you approve this request? We have approval from Rich below.
>
> Registry: TLS ExtensionType Values (https://www.iana.org/assignments/tls-extensiontype-values)
>
> Value: TBD (9146 suggested)
> Extension Name: Certificate Key Selection (CKS)
> TLS 1.3: CH, SH, CT
> DTLS-Only: N
> Recommended: N
>
> Thanks,
> Sabrina
>
> On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote:
>> This is great, thanks for your draft.
>>
>> I approve this assignment, for the extension 0x9146 with the semantics described. It will require at least one of the other experts (Yoav Nir or Nick Sullivan, also on this email alias) to approve. Adding IANA to the list so they can track it.
>>
>> From: "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
>> Date: Tuesday, October 10, 2023 at 5:15 PM
>> To: Rich Salz <rsalz@akamai.com>
>> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executve Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
>> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates
>>
>> Rich,
>> I think I uploaded the .txt draft to the Datatracker. I saved my Word version as .txt and .xml formats but had issues getting thru the idnits checking so after several attempts, here’s the link to my upload.
>>
>> https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/
>>
>> BTW I also tried reading the .txt into Wordpad and Notepad and resaving, but it didn’t seem to satisfy the idnits issues.
>> Jeff
>>
>>
>> From: Stapleton, Jeff
>> Sent: Tuesday, October 10, 2023 8:12 AM
>> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>; tls-reg-review@ietf.org
>> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com) <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve Stevens - X9 Executve Director (steve.stevens@x9.org) <steve.stevens@x9.org>
>> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates
>>
>> Rich,
>> Thanks for the quick reply.
>>
>> Regarding submission via datatracker, I’ve used its search function, but never for submitting. RFC 8447 only mentioned the tls-reg-review@ietf.org mailing list. Happy to do so but what’s the link? – sorry, newbie question.
>>
>> Regarding the value “9146” sent a follow up email to Anthony Hu.
>>
>> Anything else at this time? Thanks!
>> Jeff
>>
>>
>> From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
>> Sent: Monday, October 9, 2023 1:39 PM
>> To: Stapleton, Jeff <Jeff.Stapleton@wellsfargo.com>; tls-reg-review@ietf.org
>> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com) <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve Stevens - X9 Executve Director (steve.stevens@x9.org) <steve.stevens@x9.org>
>> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates
>>
>> Are you planning on submitting that draft via the datatracker?
>>
>> Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal 37190)? Either would be fine, as both are within unassigned ranges:
>>
>> 6683-10793    Unassigned
>> 35467-39577   Unassigned
>>
>>
>> From: tls-reg-review <tls-reg-review-bounces@ietf.org> on behalf of "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
>> Date: Monday, October 9, 2023 at 10:26 AM
>> To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
>> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executve Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
>> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates
>>
>> Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-01.docx TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates. This document describes a Transport Layer Security (TLS) extension Certificate Key Selection (CKS) using hybrid X.509 certificates. The CKS allows TLS servers to negotiate with TLS clients for selecting the usage order of the native public key and certificate signature, the alternate public key and certificate signature, or both. The CKS options enable forwards or backwards interoperability when migrating services for large organizations during one or more cryptographic transitions.
>>
>> The goal of this document is to introduce CKS based on the draft X9.146 standard and register the TLS extension “9146” for further development.
>>
>> ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) – Certificate Key Selection (CKS) for Transport Layer Security (TLS). This standard specifies a Transport Layer Security (TLS) protocol extension for certificate public key selection in certificates that possess more than one public key. The extension schema and its processing requirements are defined for both client and server participants in a TLS handshake. The current work focuses on hybrid (dual-key) certificates but its scope will include composite and chameleon certificates.
>>
>> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If successful, this ANSI standard will be submitted to TC68 for ISO standardization, which per ISO rules will also be copyrighted. See links.
>>
>> · ASC X9 https://x9.org/
>> · ANSI https://www.ansi.org/
>> · ISO https://www.iso.org/home.html
>> · ISO TC68 https://www.iso.org/committee/49650.html
>>
>> Thank you for your consideration.
>>
>> Jeff Stapleton
>> Wells Fargo
>> Enterprise Post Quantum Cryptography (PQC) Strategy
>> Senior Lead Cyber Security Research Consultant
>> Mobile 817-682-1318
>>
>
> _______________________________________________
> tls-reg-review mailing list
> tls-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/tls-reg-review