Re: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 14 June 2022 21:01 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Nick Sullivan <nick@cloudflare.com>
CC: The IESG <iesg@ietf.org>, "draft-ietf-tls-subcerts@ietf.org" <draft-ietf-tls-subcerts@ietf.org>, tls-chairs <tls-chairs@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>, Joseph Salowey <joe@salowey.net>, Sean Turner <sean@sn3rd.com>
Thread-Topic: Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)
Date: Tue, 14 Jun 2022 20:00:14 +0000
Message-ID: <B94973CD-A43A-4B4C-86F4-FB05D2CBD298@cisco.com>
References: <165399077061.5793.17870357533836784689@ietfa.amsl.com> <CAFDDyk-zSvo3owkq_BH_Hbbr_qQkm1dxufm_YQxaTKesKKXcsg@mail.gmail.com>
In-Reply-To: <CAFDDyk-zSvo3owkq_BH_Hbbr_qQkm1dxufm_YQxaTKesKKXcsg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/FMQor7vDx0NfzBJCtxCRblqsu70>
Subject: Re: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

Thank you Nick for your reply and for the changes.

Hope that this helped to improve the document,

Regards

-éric

From: Nick Sullivan <nick@cloudflare.com>
Date: Tuesday, 14 June 2022 at 12:47
To: Eric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-tls-subcerts@ietf.org" <draft-ietf-tls-subcerts@ietf.org>, tls-chairs <tls-chairs@ietf.org>, "<tls@ietf.org>" <tls@ietf.org>, Joseph Salowey <joe@salowey.net>, Sean Turner <sean@sn3rd.com>
Subject: Re: Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

Hi Éric,

Thank you for your review. Responses inline and edits in GitHub (https://github.com/tlswg/tls-subcerts/pull/108/files).


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Éric Vyncke, INT AD, review of draft-ietf-tls-subcerts-14

Thank you for the work put into this document. It solves a common and important
issue while keeping backward compatibility.

Please find below some non-blocking COMMENT points (but replies would be
appreciated even if only for my own education).

Special thanks to Joe Salowey for the shepherd's write-up including the WG
consensus and the intended status.

I hope that this helps to improve the document,

Regards,

-éric

## COMMENTS

### Section 1

```
   Furthermore, this mechanism allows the server to use modern signature
   algorithms such as Ed25519 [RFC8032] even if their CA does not
   support them.
```
Does it also mean that the signature algorithm could be weaker?

In theory, TLS 1.3 (and by extension DCs) do not support weak signature schemes.


I found the use of `(D)TLS termination services`, `(D)TLS server`, `(D)TLS
peer` a little confusing on whether they represent the same entity.

I added some text in the introduction to clarify.

### Section 3.2

The small graphic in the text is really useful but:

* should include a figure legend
* the bottom part would be welcome in the introduction

Added

## Section 4.2

Thanks to Sean Turner for providing the explanation about the use of a Cloudflare
OID in an IETF standard.

## Section 5.1

Unsure whether having such a short subsection is useful (albeit being harmless)
especially when there is only one subsection.

## Notes

This review is in the ["IETF Comments" Markdown format][ICMF]. You can use the
[`ietf-comments` tool][ICT] to automatically convert this review into
individual GitHub issues.

[ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md
[ICT]: https://github.com/mnot/ietf-comments