[TLS] Re: Adoption Call for Trust Anchor IDs
Andrew Chen <andrew.pkichat@gmail.com> Wed, 15 January 2025 21:25 UTC
From: Andrew Chen <andrew.pkichat@gmail.com>
Date: Wed, 15 Jan 2025 13:25:32 -0800
To: Joseph Salowey <joe@salowey.net>
CC: "<tls@ietf.org>" <tls@ietf.org>
Subject: [TLS] Re: Adoption Call for Trust Anchor IDs
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CLzChdOrUMKm3dJazXRiaWmZhf8>
I support adoption.

My interest is particularly in the WebPKI space, where annual removals of web trust bits starting this year will make finding common trust amongst clients an exponentially harder problem over time.

I’m sure we’ll discover inefficiencies and problems as we debate the details of this draft, but I think this group is the best one to work through those issues. I’m looking forward to a collaborative discussion.

Andrew

On Wed, Jan 15, 2025 at 8:01 AM Joseph Salowey <joe@salowey.net> wrote:

> At the trust tussle Interim in October we had consensus that the working
> group was interested in working on the following problem:
>
> “Avoid client trust conflicts by enabling servers to reliably and
> efficiently support clients with diverse trust anchor lists, particularly
> in larger PKIs where the existing certificate_authorities extension is not
> viable”
>
> After IETF 121, we asked for submissions for possible working group
> adoption as a starting point for this work. We received two submissions:
>
> [1] Trust Anchor Identifiers, draft-beck-tls-trust-anchor-ids-03
> <https://datatracker.ietf.org/doc/draft-beck-tls-trust-anchor-ids/>
>
> [2] Trust is non-negotiable, draft-jackson-tls-trust-is-nonnegotiable-00
> <https://datatracker.ietf.org/doc/draft-jackson-tls-trust-is-nonnegotiable/>
>
> [1] defines a new protocol mechanism, while [2] provides an explanation of
> why the mechanism in [1] may not be needed and may be problematic. Since
> the second draft does not define a protocol mechanism we are not
> considering it for adoption, but we request that working group members
> review both documents and use [2] as input into determining whether we
> should adopt [1] as a working group item. Adoption as a working group item
> means the working group has change control over and can modify it as
> necessary; an adopted document is only a starting point. Please respond to
> this thread if you think the document should be adopted as a working group
> item. If you think the document is not appropriate for adoption please
> indicate why. This adoption call will close on February 7, 2025. Also
> please remember to maintain professional behavior and keep the discussion
> focused on technical issues.
>
>
> Thanks,
>
>
> Sean, Deirdre and Joe
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org
>