Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.txt
Russ Housley <housley@vigilsec.com> Mon, 01 February 2021 15:36 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AD1D3A123D for <tls@ietfa.amsl.com>; Mon, 1 Feb 2021 07:36:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cD1gjNMx1cyL for <tls@ietfa.amsl.com>; Mon, 1 Feb 2021 07:36:55 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 350823A123C for <tls@ietf.org>; Mon, 1 Feb 2021 07:36:55 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9E994300B5D for <tls@ietf.org>; Mon, 1 Feb 2021 10:36:52 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id MB2D9WoPOp18 for <tls@ietf.org>; Mon, 1 Feb 2021 10:36:50 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id AE6D2300B03; Mon, 1 Feb 2021 10:36:50 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <B812F7AC-8E59-406E-9A54-A3EACFCD4F8D@sn3rd.com>
Date: Mon, 01 Feb 2021 10:36:51 -0500
Cc: IETF TLS <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1F0F901-8761-4C4E-BBC4-A6242A689E8F@vigilsec.com>
References: <161152940146.13632.832237048620145771@ietfa.amsl.com> <DCAE7E47-90AF-4729-B5D1-949ADBBF2B39@vigilsec.com> <B812F7AC-8E59-406E-9A54-A3EACFCD4F8D@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HwYWifaMjyhS1d_Bw854C_8Omlk>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 15:36:59 -0000
Works for me. > On Jan 31, 2021, at 11:58 PM, Sean Turner <sean@sn3rd.com> wrote: > > Do you think this would be clearer: > > The maximum validity period is set to 7 days unless > an application profile standard specifies a shorter > period. > > spt > >> On Jan 25, 2021, at 11:14, Russ Housley <housley@vigilsec.com> wrote: >> >> I have reviewed the recent update, and I notice one inconsistency. >> >> Section 2 says: >> >> In the absence of an application profile standard >> specifying otherwise, the maximum validity period is set to 7 days. >> >> Section 4.1.3 says: >> >> 1. Validate that DelegatedCredential.cred.valid_time is no more than >> 7 days. >> >> I think that Section 2 is trying to say that an application profile can make it even shorter than 7 days, but on my first reading I got the opposite. >> >> Russ >> >> >>> On Jan 24, 2021, at 6:03 PM, internet-drafts@ietf.org wrote: >>> >>> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories. >>> This draft is a work item of the Transport Layer Security WG of the IETF. >>> >>> Title : Delegated Credentials for TLS >>> Authors : Richard Barnes >>> Subodh Iyengar >>> Nick Sullivan >>> Eric Rescorla >>> Filename : draft-ietf-tls-subcerts-10.txt >>> Pages : 19 >>> Date : 2021-01-24 >>> >>> Abstract: >>> The organizational separation between the operator of a TLS endpoint >>> and the certification authority can create limitations. For example, >>> the lifetime of certificates, how they may be used, and the >>> algorithms they support are ultimately determined by the >>> certification authority. This document describes a mechanism by >>> which operators may delegate their own credentials for use in TLS, >>> without breaking compatibility with peers that do not support this >>> specification. >>> >>> >>> The IETF datatracker status page for this draft is: >>> https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/ >>> >>> There are also htmlized versions available at: >>> https://tools.ietf.org/html/draft-ietf-tls-subcerts-10 >>> https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10 >>> >>> A diff from the previous version is available at: >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-10 >>> >>> >>> Please note that it may take a couple of minutes from the time of submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> Internet-Drafts are also available by anonymous FTP at: >>> ftp://ftp.ietf.org/internet-drafts/ >>> >>> >>> _______________________________________________ >>> TLS mailing list >>> TLS@ietf.org >>> https://www.ietf.org/mailman/listinfo/tls >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >
- [TLS] I-D Action: draft-ietf-tls-subcerts-10.txt internet-drafts
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Russ Housley
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Sean Turner
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Daniel Migault
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Russ Housley
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Michael Richardson
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Sean Turner
- Re: [TLS] I-D Action: draft-ietf-tls-subcerts-10.… Joseph Birr-Pixton