IETF Logo Mail Archive

Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)

Yoav Nir <ynir.ietf@gmail.com> Thu, 12 October 2023 18:28 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls-reg-review@ietfa.amsl.com
Delivered-To: tls-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BE17C151095 for <tls-reg-review@ietfa.amsl.com>; Thu, 12 Oct 2023 11:28:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yBQXaKjecJe7 for <tls-reg-review@ietfa.amsl.com>; Thu, 12 Oct 2023 11:28:28 -0700 (PDT)
Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1FBCC14CE2F for <tls-reg-review@ietf.org>; Thu, 12 Oct 2023 11:28:27 -0700 (PDT)
Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-31427ddd3fbso1179487f8f.0 for <tls-reg-review@ietf.org>; Thu, 12 Oct 2023 11:28:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697135306; x=1697740106; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=HiGoLYUO5NqhByO0gAcgcozYbK0/XPr7DFo2rkC2kQk=; b=UFGrLDjjneVbDjidULH0LugjG1Fm83fHLx8TxAqYXspr6bHIFEa0Rxcf5Tu3e23aSJ Q9pCd/89NMmahA+QF1RVVipblGoVkSVSpXoFYxnIvJRXWed5CcTd+GOr4Chmb13v4v+x lf7hT/eF5U2wV5Obqva0HQmL7KFn2HjwgpWJxVP3E6my5TiWooGxKr7oqThNuhxYPhED Pzkp80e9VpSqdP6Hq8+Nk3MaJNCQ7iOlCeGp1PHQh6r0OZfF5ETE3Lw1dwEe6ipWCxh4 NWirCnoaQD0V2bFWe3FNZO0I/AOEIDxovAj8hNCZHQL9jEJ+CZiiGzbuUCp2I5Wc/xSp 6oXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697135306; x=1697740106; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HiGoLYUO5NqhByO0gAcgcozYbK0/XPr7DFo2rkC2kQk=; b=I+6Mf5n+WKUXwP4At1B9zGzaNjKmzbFgCaVm6ONES2Z7kU+2434RU9toyRqIt1UkjR olIbgVGi8dIXtx3cTnMCJ6IeVQCX+UIziTq1nN9UHwgE7UDFfNPd1goKMSsuVpO52hfU bNbKwdCIJ6Sz32tPRIP4GlszFYFfagOzCzohpac/oCnSNRYSncWoUf6z3vA0YdUztyEW 3dL2UV95fYDRrXm0aXYo/V3/7RxkSWAK2H6iBEqicuyBLNJ2uzE2Gf7C/ICX/dgSLqH4 XfXnYZmVkhQy0zKpz/RiNx7rqQjl5ry1KD9mFrJtCpQxtWvJzgiCe5Oikh/CYKLmZnva OyCw==
X-Gm-Message-State: AOJu0YxarAjUESAhX3L5bXrGIVkW1k/hfBsoJmmWnwdwt+tQjegH6xYK V2+I6YYQKQCmvRLCwx20qdPaf3G1TQDt2g==
X-Google-Smtp-Source: AGHT+IE8pqDUCFxGoP25R8gYy9ykhRV6AL1UkH/aQwOD3N8FsFgCj0HjKL/VM1t11xg/VqIWEkBYvw==
X-Received: by 2002:a5d:4b0c:0:b0:32d:9524:386b with SMTP id v12-20020a5d4b0c000000b0032d9524386bmr1834588wrq.32.1697135305960; Thu, 12 Oct 2023 11:28:25 -0700 (PDT)
Received: from smtpclient.apple (84.94.37.215.cable.012.net.il. [84.94.37.215]) by smtp.gmail.com with ESMTPSA id x18-20020a5d4912000000b0032d9382e6e0sm1988976wrq.45.2023.10.12.11.28.24 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Oct 2023 11:28:25 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <rt-5.0.3-1467554-1697132807-1341.1283623-9-0@icann.org>
Date: Thu, 12 Oct 2023 21:28:13 +0300
Cc: TLS DEs <tls-reg-review@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4F68A6F0-BCC8-4490-A2BE-FCC90F85FF0E@gmail.com>
References: <RT-Ticket-1283623@icann.org> <C92208EF-A6F2-4D42-A9AD-B796BB1519C8@akamai.com> <IA0PR11MB7955BAAECD9E2B36399B3AE9E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <IA0PR11MB7955A800D01289510C16FAC5E2CDA@IA0PR11MB7955.namprd11.prod.outlook.com> <14ACDE31-8198-4D0D-8C6D-5567E2BAFE4E@akamai.com> <rt-5.0.3-1467554-1697132807-1341.1283623-9-0@icann.org>
To: iana-prot-param-comment@iana.org
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/Z6E9JVoALYATSXUB2Yj6n41rDhA>
Subject: Re: [Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
X-BeenThere: tls-reg-review@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: TLS REVIEW <tls-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls-reg-review/>
List-Post: <mailto:tls-reg-review@ietf.org>
List-Help: <mailto:tls-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls-reg-review>, <mailto:tls-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2023 18:28:32 -0000

Yes, I can.  I approve.

Yoav

> On 12 Oct 2023, at 20:46, Sabrina Tanamal via RT <iana-prot-param-comment@iana.org> wrote:
> 
> Hi Nick and Yoav, 
> 
> Could one of you approve this request? We have approval from Rich below. 
> 
> Registry: TLS ExtensionType Values (https://www.iana.org/assignments/tls-extensiontype-values)
> 
> Value: TBD (9146 suggested)
> Extension Name: Certificate Key Selection (CKS)
> TLS 1.3: CH, SH, CT
> DTLS-Only: N
> Recommended: N
> 
> Thanks,
> Sabrina
> 
> On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote:
>> This is great, thanks for your draft.
>> 
>> I approve this assignment, for the extension 0x9146 with the semantics
>> described.  It will require at least one of the other experts (Yoav
>> Nir or Nick Sullivan, also on this email alias) to approve.  Adding
>> IANA to the list so they can track it.
>> 
>> From: "Stapleton, Jeff"
>> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
>> Date: Tuesday, October 10, 2023 at 5:15 PM
>> To: Rich Salz <rsalz@akamai.com>
>> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit"
>> <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)"
>> <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve
>> Stevens - X9 Executve Director (steve.stevens@x9.org)"
>> <steve.stevens@x9.org>
>> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
>> Extension Using X.509 Hybrid Certificates
>> 
>> Rich,
>> I think I uploaded the .txt draft to the Datatracker.  I saved my Word
>> version as .txt and .xml formats but had issues getting thru the
>> idnits checking so after several attempts, here’s the link to my
>> upload.
>> 
>> https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/<https://urldefense.com/v3/__https:/datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/__;!!GjvTz_vk!QWheIA1pm-
>> lRjq14CVBwZJ5y6KQgvU3wseYwnTTerWBbr0wkaId8vDlZUddzG6x4qum9dyRmpvvJs5CzF9fXTblsJsdR$>
>> 
>> BTW I also tried reading the .txt into Wordpad and Notepad and
>> resaving, but it didn’t seem to satisfy the idnits issues.
>> Jeff
>> 
>> 
>> From: Stapleton, Jeff
>> Sent: Tuesday, October 10, 2023 8:12 AM
>> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>; tls-reg-
>> review@ietf.org
>> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit
>> <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com)
>> <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve
>> Stevens - X9 Executve Director (steve.stevens@x9.org)
>> <steve.stevens@x9.org>
>> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
>> Extension Using X.509 Hybrid Certificates
>> 
>> Rich,
>> Thanks for the quick reply.
>> 
>> Regarding submission via datatracker, I’ve used its search function,
>> but never for submitting. RFC 8447 only mentioned the tls-reg-
>> review@ietf.org<mailto:tls-reg-review@ietf.org> mailing list. Happy to
>> do so but what’s the link? – sorry, newbie question.
>> 
>> Regarding the value “9146” sent a follow up email to Anthony Hu.
>> 
>> Anything else at this time?  Thanks!
>> Jeff
>> 
>> 
>> From: Salz, Rich
>> <rsalz=40akamai.com@dmarc.ietf.org<mailto:rsalz=40akamai.com@dmarc.ietf.org>>
>> Sent: Monday, October 9, 2023 1:39 PM
>> To: Stapleton, Jeff
>> <Jeff.Stapleton@wellsfargo.com<mailto:Jeff.Stapleton@wellsfargo.com>>;
>> tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>
>> Cc: Bordow, Peter
>> <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>;
>> Rao, Abhijit
>> <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>;
>> Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>)
>> <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>; David Hook
>> <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>; Steve
>> Stevens - X9 Executve Director
>> (steve.stevens@x9.org<mailto:steve.stevens@x9.org>)
>> <steve.stevens@x9.org<mailto:steve.stevens@x9.org>>
>> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS)
>> Extension Using X.509 Hybrid Certificates
>> 
>> Are you planning on submitting that draft via the datatracker?
>> 
>> Are you requesting 9146(decimal, or 0x23ba) or 0x9146(hex, decimal
>> 37190)? Either would be fine, as both are within unassigned ranges:
>> 6683-10793
>> 
>> Unassigned
>> 
>> 35467-39577
>> 
>> Unassigned
>> 
>> 
>> 
>> From: tls-reg-review <tls-reg-review-bounces@ietf.org<mailto:tls-reg-
>> review-bounces@ietf.org>> on behalf of "Stapleton, Jeff"
>> <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org<mailto:Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>>
>> Date: Monday, October 9, 2023 at 10:26 AM
>> To: "tls-reg-review@ietf.org<mailto:tls-reg-review@ietf.org>" <tls-
>> reg-review@ietf.org<mailto:tls-reg-review@ietf.org>>
>> Cc: "Bordow, Peter"
>> <Peter.Bordow@wellsfargo.com<mailto:Peter.Bordow@wellsfargo.com>>,
>> "Rao, Abhijit"
>> <Abhijit.Rao@wellsfargo.com<mailto:Abhijit.Rao@wellsfargo.com>>,
>> "Anthony Hu (anthony@wolfssl.com<mailto:anthony@wolfssl.com>)"
>> <anthony@wolfssl.com<mailto:anthony@wolfssl.com>>, David Hook
>> <David.Hook@keyfactor.com<mailto:David.Hook@keyfactor.com>>, "Steve
>> Stevens - X9 Executve Director
>> (steve.stevens@x9.org<mailto:steve.stevens@x9.org>)"
>> <steve.stevens@x9.org<mailto:steve.stevens@x9.org>>
>> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS)
>> Extension Using X.509 Hybrid Certificates
>> 
>> Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-
>> 01.docx TLS Certificate Key Selection (CKS) Extension Using X.509
>> Hybrid Certificates. This document describes a Transport Layer
>> Security (TLS) extension Certificate Key Selection (CKS) using hybrid
>> X.509 certificates. The CKS allows TLS servers to negotiate with TLS
>> clients for selecting the usage order of the native public key and
>> certificate signature, the alternate public key and certificate
>> signature, or both. The CKS options enable forwards or backwards
>> interoperability when migrating services for large organizations
>> during one or more cryptographic transitions.
>> 
>> The goal of this document is to introduce CKS based on the draft
>> X9.146 standard and register the TLS extension “9146” for further
>> development.
>> 
>> ANSI X9.146–20231002  DRAFT Public Key Infrastructure (PKI) –
>> Certificate Key Selection (CKS)  for Transport Layer Security (TLS).
>> This standard specifies a Transport Layer Security (TLS) protocol
>> extension for certificate public key selection in certificates that
>> possess more than one public key. The extension schema and its
>> processing requirements are defined for both client and server
>> participants in a TLS handshake. The current work focuses on hybrid
>> (dual-key) certificates but its scope will include composite and
>> chameleon certificates.
>> 
>> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If
>> successful, this ANSI standard will be submitted to TC68 for ISO
>> standardization, which per ISO rules will also be copyrighted. See
>> links.
>> 
>> ·         ASC X9
>> https://x9.org/<https://urldefense.com/v3/__https:/x9.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
>> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEN7kd7d$>
>> 
>> ·         ANSI
>> https://www.ansi.org/<https://urldefense.com/v3/__https:/www.ansi.org/__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
>> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aCmzdgxP$>
>> 
>> ·         ISO
>> https://www.iso.org/home.html<https://urldefense.com/v3/__https:/www.iso.org/home.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
>> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aEVvlpTF$>
>> 
>> ·         ISO TC68
>> https://www.iso.org/committee/49650.html<https://urldefense.com/v3/__https:/www.iso.org/committee/49650.html__;!!GjvTz_vk!SrgNsy1QkgpiCGkSd-
>> ArnFnwnPYWihywR_csGQpBqjgMBGD4xYVADiN5aI2cGHWp35_NxDsoB6vy2SjDA549aIzBvY2t$>
>> 
>> Thank you for your consideration.
>> 
>> Jeff Stapleton
>> Wells Fargo
>> Enterprise Post Quantum Cryptography (PQC) Strategy
>> Senior Lead Cyber Security Research Consultant
>> Mobile 817-682-1318
>> 
> 
> _______________________________________________
> tls-reg-review mailing list
> tls-reg-review@ietf.org
> https://www.ietf.org/mailman/listinfo/tls-reg-review

v2.23.0 | Report a Bug | By Email