Re: [TLS] draft-ietf-tls-oob-pubkey-06

Nikos Mavrogiannopoulos <nmav@gnutls.org> Sun, 04 November 2012 10:55 UTC

Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <509649A8.7090706@gnutls.org>
Date: Sun, 04 Nov 2012 11:55:36 +0100
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <5094553B.5060009@gnutls.org> <078C4585-EFCF-4871-B8AE-C5BBDDB90536@gmx.net> <509562B5.60407@gnutls.org> <4CB478E7-E6DE-4CBC-A35C-4632D937E2BE@gmx.net>
In-Reply-To: <4CB478E7-E6DE-4CBC-A35C-4632D937E2BE@gmx.net>
Cc: "tls@ietf.org" <tls@ietf.org>, John Gilmore <gnu@toad.com>
Subject: Re: [TLS] draft-ietf-tls-oob-pubkey-06

On 11/03/2012 07:58 PM, Hannes Tschofenig wrote:

> I unfortunately missed the meeting last time so I am probably not the best person to reflect the discussion from the meeting myself.
> RFC 6091 is an informational RFC and would need to be upgraded to a standards track document, or a downref needs to be specified in the tls-oob-pubkey document.
> Dealing with such a downref to RFC 6091 would be useful if RFC 6091 were actually a good fit. There are two problems:
> 1. OpenPGP support in TLS is IMHO not deployed.

Hello,
 I've never done a survey on the deployment, but I trust your research.

> 2. A problem I noticed with re-using RFC 6091 is that the certificate capability indication does not allow a client to distinguish whether it supports processing of OpenPGP certificates vs. whether it is able to provide OpenPGP certificates. For this reason the structure is different in draft-ietf-tls-oob-pubkey.
>>> I didn't see the need to add OpenPGP support in this document. 
>> So the idea is to have multiple certificate type extensions for TLS?
>> This was the meeting consensus?
> Luckily there are not that many certificate formats. If someone would want to define a new extension then they should be using draft-ietf-tls-oob-pubkey.

Shouldn't in that case the oob-pubkey draft obsolete or update RFC 6091?
I don't think that both certificate type registries should be active.

>> Why wasn't this brought up to the mailing list given that this overrides
>> the previous consensus [0] on the mailing list?
> I am not the chair of the group. I let them judge consensus in the way they want.

This was not a question for you.

regards,
Nikos
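
The capability-indication problem raised in point 2 above (a single RFC 6091 cert_type list cannot say "I can process OpenPGP or raw keys from the server but can only provide X.509 myself"), as an added example in Python. This is not code from the thread, from GnuTLS, or from the draft; it encodes the two-extension structure of draft-ietf-tls-oob-pubkey using the extension code points and negotiation rules as later published in RFC 7250 (client_certificate_type = 19, server_certificate_type = 20) and RFC 6091 (cert_type = 9). Those numbers and the "absent extension means X.509 / no match means unsupported_certificate" rules are assumptions taken from the published RFCs, not from the -06 draft under discussion.

```python
"""Certificate-type negotiation: two directional extensions (oob-pubkey /
RFC 7250 style) versus the single cert_type list of RFC 6091.
Added example, not from the thread; code points are assumptions taken
from the published RFCs, not from draft -06."""
import struct
from enum import IntEnum


class CertificateType(IntEnum):
    X509 = 0
    OPENPGP = 1
    RAW_PUBLIC_KEY = 2


EXT_CERT_TYPE = 9           # RFC 6091: one list, read for both directions
EXT_CLIENT_CERT_TYPE = 19   # RFC 7250: types the client can *provide*
EXT_SERVER_CERT_TYPE = 20   # RFC 7250: types the client can *process*


def encode_type_list(types):
    """ClientHello body: CertificateType certificate_types<1..2^8-1>."""
    if not 1 <= len(types) <= 255:
        raise ValueError("certificate_types length out of range")
    return bytes([len(types)]) + bytes(int(t) for t in types)


def decode_type_list(body):
    """Parse the length-prefixed list; unknown values are kept but never chosen."""
    if len(body) < 2 or body[0] != len(body) - 1:
        raise ValueError("malformed certificate_types list")
    out = []
    for b in body[1:]:
        try:
            out.append(CertificateType(b))
        except ValueError:
            out.append(b)
    return out


def encode_extension(ext_type, body):
    """TLS Extension: uint16 type, uint16 length, opaque data."""
    return struct.pack("!HH", ext_type, len(body)) + body


def parse_extensions(blob):
    """Split concatenated Extension structs into {type: body}; reject duplicates."""
    exts, off = {}, 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated extension header")
        ext_type, length = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated extension body")
        if ext_type in exts:
            raise ValueError("duplicate extension %d" % ext_type)
        exts[ext_type] = blob[off:off + length]
        off += length
    return exts


def client_hello_extensions(can_process, can_provide):
    """Build the two directional extensions from a client's real capabilities."""
    out = encode_extension(EXT_SERVER_CERT_TYPE, encode_type_list(can_process))
    if can_provide:
        out += encode_extension(EXT_CLIENT_CERT_TYPE, encode_type_list(can_provide))
    return out


def server_select(client_ext_blob, server_can_provide, server_can_process):
    """Server side: pick one type per direction in the client's preference order.

    Returns (server_cert_type, client_cert_type).  An absent extension means
    X.509 for that direction; no common type means the handshake must abort
    (RFC 7250 uses a fatal unsupported_certificate alert)."""
    exts = parse_extensions(client_ext_blob)
    wanted = decode_type_list(exts[EXT_SERVER_CERT_TYPE]) \
        if EXT_SERVER_CERT_TYPE in exts else [CertificateType.X509]
    offered = decode_type_list(exts[EXT_CLIENT_CERT_TYPE]) \
        if EXT_CLIENT_CERT_TYPE in exts else [CertificateType.X509]
    server_type = next((t for t in wanted if t in server_can_provide), None)
    client_type = next((t for t in offered if t in server_can_process), None)
    if server_type is None or client_type is None:
        raise ValueError("no common certificate type: abort with unsupported_certificate")
    return server_type, client_type


def rfc6091_view(types):
    """What an RFC 6091 server can infer from the single cert_type list:
    the same set in both directions, so asymmetric capability is lost."""
    lst = decode_type_list(encode_type_list(types))
    return {"can_process": lst, "can_provide": lst}


if __name__ == "__main__":
    # Constructed client: accepts raw keys or X.509 from the server, holds only an X.509 cert.
    hello = client_hello_extensions(
        [CertificateType.RAW_PUBLIC_KEY, CertificateType.X509], [CertificateType.X509])
    print("oob-pubkey style:", server_select(
        hello, {CertificateType.RAW_PUBLIC_KEY, CertificateType.X509}, {CertificateType.X509}))
    print("RFC 6091 style:  ", rfc6091_view(
        [CertificateType.RAW_PUBLIC_KEY, CertificateType.X509]))
```

With the two-extension layout the server correctly negotiates a raw public key for itself and X.509 for the client. With the single RFC 6091 list the server would conclude the client can also provide a raw public key, which is exactly the ambiguity the draft's structure avoids.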