Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

"Stapleton, Jeff" <Jeff.Stapleton@wellsfargo.com> Tue, 10 October 2023 13:12 UTC

From: "Stapleton, Jeff" <Jeff.Stapleton@wellsfargo.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
CC: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executve Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
Date: Tue, 10 Oct 2023 13:12:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls-reg-review/tOkbQ7Mdjr23Yl3YYIWP58KpCio>

Rich,
Thanks for the quick reply.

Regarding submission via datatracker, I’ve used its search function, but never for submitting. RFC 8447 only mentioned the tls-reg-review@ietf.org mailing list. Happy to do so but what’s the link? – sorry, newbie question.

Regarding the value “9146”, I sent a follow-up email to Anthony Hu.

Anything else at this time?  Thanks!
Jeff


From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Sent: Monday, October 9, 2023 1:39 PM
To: Stapleton, Jeff <Jeff.Stapleton@wellsfargo.com>; tls-reg-review@ietf.org
Cc: Bordow, Peter <Peter.Bordow@wellsfargo.com>; Rao, Abhijit <Abhijit.Rao@wellsfargo.com>; Anthony Hu (anthony@wolfssl.com) <anthony@wolfssl.com>; David Hook <David.Hook@keyfactor.com>; Steve Stevens - X9 Executve Director (steve.stevens@x9.org) <steve.stevens@x9.org>
Subject: Re: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

Are you planning on submitting that draft via the datatracker?

Are you requesting 9146 (decimal, or 0x23ba) or 0x9146 (hex, decimal 37190)? Either would be fine, as both are within unassigned ranges:
6683-10793      Unassigned
35467-39577     Unassigned


From: tls-reg-review <tls-reg-review-bounces@ietf.org> on behalf of "Stapleton, Jeff" <Jeff.Stapleton=40wellsfargo.com@dmarc.ietf.org>
Date: Monday, October 9, 2023 at 10:26 AM
To: "tls-reg-review@ietf.org" <tls-reg-review@ietf.org>
Cc: "Bordow, Peter" <Peter.Bordow@wellsfargo.com>, "Rao, Abhijit" <Abhijit.Rao@wellsfargo.com>, "Anthony Hu (anthony@wolfssl.com)" <anthony@wolfssl.com>, David Hook <David.Hook@keyfactor.com>, "Steve Stevens - X9 Executve Director (steve.stevens@x9.org)" <steve.stevens@x9.org>
Subject: [Tls-reg-review] TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates

Attached for consideration is draft-stapleton-hybrid-x509-cks-tls-01.docx TLS Certificate Key Selection (CKS) Extension Using X.509 Hybrid Certificates. This document describes a Transport Layer Security (TLS) extension Certificate Key Selection (CKS) using hybrid X.509 certificates. The CKS allows TLS servers to negotiate with TLS clients for selecting the usage order of the native public key and certificate signature, the alternate public key and certificate signature, or both. The CKS options enable forwards or backwards interoperability when migrating services for large organizations during one or more cryptographic transitions.

The goal of this document is to introduce CKS based on the draft X9.146 standard and register the TLS extension “9146” for further development.

ANSI X9.146–20231002  DRAFT Public Key Infrastructure (PKI) – Certificate Key Selection (CKS)  for Transport Layer Security (TLS). This standard specifies a Transport Layer Security (TLS) protocol extension for certificate public key selection in certificates that possess more than one public key. The extension schema and its processing requirements are defined for both client and server participants in a TLS handshake. The current work focuses on hybrid (dual-key) certificates but its scope will include composite and chameleon certificates.

Note that X9.146 is copyrighted by ASC X9 per ANSI rules. If successful, this ANSI standard will be submitted to TC68 for ISO standardization, which per ISO rules will also be copyrighted. See links.

·        ASC X9 https://x9.org/

·        ANSI https://www.ansi.org/

·        ISO https://www.iso.org/home.html

·        ISO TC68 https://www.iso.org/committee/49650.html

Thank you for your consideration.

Jeff Stapleton
Wells Fargo
Enterprise Post Quantum Cryptography (PQC) Strategy
Senior Lead Cyber Security Research Consultant
Mobile 817-682-1318