[Tls-reg-review] [IANA #1283623] Re: TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates (draft-stapleton-hybrid-x509-cks-tls)
Sabrina Tanamal via RT <iana-prot-param-comment@iana.org> Fri, 13 October 2023 16:25 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/mCCNMZ6HbEplTOziQU_N2inlGyk>

Hi Rich, Yoav, Nick,

Sorry, I forgot to ask one more question. It appears the requester has yet to upload the document to the datatracker:

https://datatracker.ietf.org/doc/draft-stapleton-hybrid-x509-cks-tls/

The .txt is available in staging at https://www.ietf.org/staging/draft-stapleton-hybrid-x509-cks-tls-00.txt, so I'm not sure what to point the reference to. Should we ask the requester to upload the draft to the datatracker?

Thanks,
Sabrina

On Thu Oct 12 18:28:51 2023, ynir.ietf@gmail.com wrote:
> Yes, I can. I approve.
>
> Yoav
>
> > On 12 Oct 2023, at 20:46, Sabrina Tanamal via RT <iana-prot-param-comment@iana.org> wrote:
> >
> > Hi Nick and Yoav,
> >
> > Could one of you approve this request? We have approval from Rich below.
> >
> > Registry: TLS ExtensionType Values
> > (https://www.iana.org/assignments/tls-extensiontype-values)
> >
> > Value: TBD (9146 suggested)
> > Extension Name: Certificate Key Selection (CKS)
> > TLS 1.3: CH, SH, CT
> > DTLS-Only: N
> > Recommended: N
> >
> > Thanks,
> > Sabrina
> >
> > On Tue Oct 10 21:59:18 2023, rsalz@akamai.com wrote:
> >> This is great, thanks for your draft.
> >>
> >> I approve this assignment, for the extension 0x9146 with the semantics
> >> described. It will require at least one of the other experts (Yoav
> >> Nir or Nick Sullivan, also on this email alias) to approve. Adding
> >> IANA to the list so they can track it.
> >>
> >> From: "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
> >> Date: Tuesday, October 10, 2023 at 5:15 PM
> >> To: Rich Salz <rsalz@akamai.com>
> >> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit"
> >> <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)"
> >> <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)"
> >> <steve.stevens@x9.org>
> >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Rich,
> >> I think I uploaded the .txt draft to the Datatracker. I saved my Word
> >> version as .txt and .xml formats but had issues getting thru the
> >> idnits checking so after several attempts, here’s the link to my
> >> upload.
> >>
> >> https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/
> >>
> >> BTW I also tried reading the .txt into Wordpad and Notepad and
> >> resaving, but it didn’t seem to satisfy the idnits issues.
> >> Jeff
> >>
> >>
> >> From: Stapleton, Jeff
> >> Sent: Tuesday, October 10, 2023 8:12 AM
> >> To: 'Salz, Rich' <rsalz=40akamai.com@dmarc.ietf.org>; tls-reg-review@ietf.org
> >> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit
> >> <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com)
> >> <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)
> >> <steve.stevens@x9.org>
> >> Subject: RE: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Rich,
> >> Thanks for the quick reply.
> >>
> >> Regarding submission via datatracker, I’ve used its search function,
> >> but never for submitting. RFC 8447 only mentioned the
> >> tls-reg-review@ietf.org mailing list. Happy to do so but what’s the
> >> link? – sorry, newbie question.
> >>
> >> Regarding the value “9146” sent a follow up email to Anthony Hu.
> >>
> >> Anything else at this time? Thanks!
> >> Jeff
> >>
> >>
> >> From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> >> Sent: Monday, October 9, 2023 1:39 PM
> >> To: Stapleton, Jeff <Jeff.Stapleton@wellsfargo.com>; tls-reg-review@ietf.org
> >> Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit
> >> <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com)
> >> <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)
> >> <steve.stevens@x9.org>
> >> Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Are you planning on submitting that draft via the datatracker?
> >>
> >> Are you requesting 9146 (decimal, or 0x23ba) or 0x9146 (hex, decimal
> >> 37190)? Either would be fine, as both are within unassigned ranges:
> >>
> >> 6683-10793    Unassigned
> >> 35467-39577   Unassigned
> >>
> >>
> >> From: tls-reg-review <tls-reg-review-bounces@ietf.org> on behalf of
> >> "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
> >> Date: Monday, October 9, 2023 at 10:26 AM
> >> To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
> >> Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit"
> >> <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)"
> >> <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve
> >> Stevens - X9 Executve Director (steve.stevens@x9.org)"
> >> <steve.stevens@x9.org>
> >> Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS)
> >> Extension Using X.509 Hybrid Certificates
> >>
> >> Attached for consideration is
> >> draft-stapleton-hybrid-x509-cks-tls-01.docx TLS Certificate Key
> >> Selection (CKS) Extension Using X.509 Hybrid Certificates. This
> >> document describes a Transport Layer Security (TLS) extension
> >> Certificate Key Selection (CKS) using hybrid X.509 certificates. The
> >> CKS allows TLS servers to negotiate with TLS clients for selecting
> >> the usage order of the native public key and certificate signature,
> >> the alternate public key and certificate signature, or both. The CKS
> >> options enable forwards or backwards interoperability when migrating
> >> services for large organizations during one or more cryptographic
> >> transitions.
> >>
> >> The goal of this document is to introduce CKS based on the draft
> >> X9.146 standard and register the TLS extension “9146” for further
> >> development.
> >>
> >> ANSI X9.146–20231002 DRAFT Public Key Infrastructure (PKI) –
> >> Certificate Key Selection (CKS) for Transport Layer Security (TLS).
> >> This standard specifies a Transport Layer Security (TLS) protocol
> >> extension for certificate public key selection in certificates that
> >> possess more than one public key. The extension schema and its
> >> processing requirements are defined for both client and server
> >> participants in a TLS handshake. The current work focuses on hybrid
> >> (dual-key) certificates but its scope will include composite and
> >> chameleon certificates.
> >>
> >> Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If
> >> successful, this ANSI standard will be submitted to TC68 for ISO
> >> standardization, which per ISO rules will also be copyrighted. See
> >> links.
> >>
> >> · ASC X9 https://x9.org/
> >> · ANSI https://www.ansi.org/
> >> · ISO https://www.iso.org/home.html
> >> · ISO TC68 https://www.iso.org/committee/49650.html
> >>
> >> Thank you for your consideration.
> >>
> >> Jeff Stapleton
> >> Wells Fargo
> >> Enterprise Post Quantum Cryptography (PQC) Strategy
> >> Senior Lead Cyber Security Research Consultant
> >> Mobile 817-682-1318
> >>
> >
> > _______________________________________________
> > tls-reg-review mailing list
> > tls-reg-review@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls-reg-review