[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
Eric Rescorla <ekr@rtfm.com> Sat, 03 August 2024 15:19 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 03 Aug 2024 08:18:24 -0700
To: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
CC: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>, TLS List <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9nv24f_Yss9zU0D3rEjz0WfyNUM>

I agree that an interim focused on this topic would be a good idea. IMO the best place to start would be to try to build some consensus on which problems we want to solve (including whether existing approaches are sufficient) rather than on the details of specific proposals. Once we've done that, the WG will be better positioned to address those problems.

-Ekr

On Tue, Jul 30, 2024 at 12:47 PM Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org> wrote:

> I agree with this.
>
> Also, the poll that was done at the TLS session is prone to being misunderstood.
>
> There was a poll about a preference between the two drafts, but the question of whether either of the drafts is necessary was skipped. I don't think it's fair to do a presumptive close on that unaddressed question.
>
> Someone asked on the chat, something along the lines of "does anyone other than Chrome want this?" So the question is out there and deserves an intelligent answer.
>
> I happen to be one of the people who perhaps does want something like this, but I want to have a full discussion on where we're going and why, instead of prematurely focusing on any particular draft or solution before we know what problem(s) we're trying to solve.
>
> I realize Google has spilled a lot of electrons on these questions, and I think everyone deserves an appropriate amount of time to digest and think through the complex issues these drafts raise.
>
> And I think an interim to focus on clarifying these important issues would be helpful.
>
> -Tim
>
> > -----Original Message-----
> > From: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>
> > Sent: Monday, July 29, 2024 1:49 PM
> > To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List <tls@ietf.org>
> > Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
> >
> > I agree that an interim meeting would be useful. It seems unlikely that we will make much progress on the mailing list alone.
> >
> > Cheers,
> >
> > Andrei
> >
> > -----Original Message-----
> > From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> > Sent: Monday, July 29, 2024 9:00 AM
> > To: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List <tls@ietf.org>
> > Subject: [EXTERNAL] [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
> >
> > >The Trust Anchor Identifiers draft was first published only 4 weeks ago, received less than 10 minutes of discussion in the meeting
> >
> > I strongly agree with this. Well, actually, everyone should be able to agree with this because it's two factual statements. :)
> >
> > I think the challenge of having an interim will be that one group will want to discuss the details of the proposal, while another group will want to discuss the details of the problem we are trying to solve. I hope the chairs will be able to make things explicit and keep the discussions on-topic.
> >
> > If the authors share Sophie's opinion, they could withdraw the Trust Expressions draft and just leave Trust Anchors as something to be discussed.
> >
> > _______________________________________________
> > TLS mailing list -- tls@ietf.org
> > To unsubscribe send an email to tls-leave@ietf.org