[Tls-reg-review] FW: TLS Hybrid Certs extension

"Salz, Rich" <rsalz@akamai.com> Thu, 09 November 2023 21:22 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Thread-Topic: TLS Hybrid Certs extension
Date: Thu, 09 Nov 2023 21:21:54 +0000
Message-ID: <6D19AB1F-5062-4EB7-BA7F-1FF69D796E6E@akamai.com>
References: <CH0PR11MB57396F54653F7CFCF637AC409FAFA@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB573944FB9205BEAFD2397A049FAFA@CH0PR11MB5739.namprd11.prod.outlook.com> <SN7PR14MB6492D089966CF455A177333B83AFA@SN7PR14MB6492.namprd14.prod.outlook.com>
In-Reply-To: <SN7PR14MB6492D089966CF455A177333B83AFA@SN7PR14MB6492.namprd14.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/nJmmSqETAApOpfdXpxLOy370dKE>
Subject: [Tls-reg-review] FW: TLS Hybrid Certs extension

Please put the request ON HOLD for now, as the WG chair has asked.

From: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Thursday, November 9, 2023 at 9:51 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>, Rich Salz <rsalz@akamai.com>, Russ Housley <housley@vigilsec.com>
Cc: John Gray <John.Gray@entrust.com>
Subject: RE: TLS Hybrid Certs extension

I talked to Rich about it this week, and promised him an email response, so here it is.

This is work related to the draft standard X9.146 which is being done under the F5 group at ASC X9.  In my opinion, the X9.146 draft is not mature enough for code point allocation yet, for many of the reasons Mike mentioned.

I would suggest we put the request on pause until F5 has a chance to discuss whether this is the correct path forward, and whether a TLS code point allocation is appropriate at this time.

The answer may be yes, but I would like that to be decided by consensus in the working group, instead of unilaterally by Jeff.

-Tim, Chair, ASC X9F5.

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Sent: Thursday, November 9, 2023 9:36 PM
To: Salz, Rich <rsalz@akamai.com>; Tim Hollebeek <tim.hollebeek@digicert.com>; Russ Housley <housley@vigilsec.com>
Cc: John Gray <John.Gray@entrust.com>
Subject: RE: TLS Hybrid Certs extension

@Tim Hollebeek <tim.hollebeek@digicert.com>, @Russ Housley <housley@vigilsec.com>, @Salz, Rich <rsalz@akamai.com>

So Jeff Stapleton really needs help navigating IETF process (he tried to upload a Word doc to datatracker). The draft in question is going to be a proper re-submit of this:
https://datatracker.ietf.org/submit/status/137173/457616f363f015e0bafadec85e9453b8/

Rich, I’m happy to take over hand-holding for this one if you want; Jeff has sent me the content of this I-D to fix up, add myself to, and submit properly.

It does sound like he’s open to exploring other hybrid certificate formats, including Composite, but since SubjectAltPublicKeyInfo is already in X.509v4, he wants to start with that.

That said, submitting an I-D to request IANA code points for a technology that IETF thoroughly rejected is gonna be one of those lead-balloon things.

Advice on how to handle this one?

---
Mike Ounsworth

From: Mike Ounsworth
Sent: Thursday, November 9, 2023 11:22 AM
To: Salz, Rich <rsalz@akamai.com>
Subject: TLS Hybrid Certs extension

Hi Rich,

Are you acting as Designated Expert / Document Shepherd for Jeff Stapleton’s document that requests an IANA TLS codepoint?

If so, I want to chat with you because I’m not sure that IETF should approve that. IETF has thoroughly rejected draft-truskovsky-lamps-pq-hybrid-x509, so why would we issue a code point to use it in TLS?

- - -
Mike Ounsworth
Software Security Architect
(pronouns: he/him)