[TLS] New Version for draft-segers-tls-cert-validation-ext

Ashley Kopman <akopman@conceptsbeyond.com> Thu, 04 August 2022 17:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0jUPLz-SsBVPUzoBMLkch_7YttY>

Hi,

We presented this work at IETF 114. Thank you to everyone who provided feedback. 

I have removed the extensibility to future path validation types and limited the scope of this extension to just SCVP. I have also added discussion on how the server should handle it if other path validation extensions are added in the future (at the end of Section 2). Version 03 is available for review: https://www.ietf.org/archive/id/draft-segers-tls-cert-validation-ext-03.html

I am new to the IETF, so I apologize in advance if this is not the correct process, but I believe the next step is to ask that this draft be considered for adoption by the TLS Working Group.

Thank you,

Ashley Kopman