Re: [TLS] draft-rescorla-tls-subcerts-01
Melinda Shore <melinda.shore@nomountain.net> Mon, 24 April 2017 15:52 UTC
Return-Path: <melinda.shore@nomountain.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A218131744 for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 08:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nomountain-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjBc1nlR3yxx for <tls@ietfa.amsl.com>; Mon, 24 Apr 2017 08:52:56 -0700 (PDT)
Received: from mail-pg0-x234.google.com (mail-pg0-x234.google.com [IPv6:2607:f8b0:400e:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3643131746 for <tls@ietf.org>; Mon, 24 Apr 2017 08:52:49 -0700 (PDT)
Received: by mail-pg0-x234.google.com with SMTP id g2so14990430pge.3 for <tls@ietf.org>; Mon, 24 Apr 2017 08:52:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nomountain-net.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=EaMAkycvl70h4dIDMYLZZVBEzJaW3OtjKlepDooSSxA=; b=PlCb+VcQ/mVOd73V5qxPZrdzwtRX3H+ymEtxefsIgVYyZJ1GCX3C3PpYLgSjdsCy/2 KEKlbpcv6Zr3++25GZHdckktu4iEdKQIzumcWnM0sgEFg6OSH52VVohDGubjkhXGE8fG boH7iBQ5994ekYistlbHVi1+TrXQpbW3KPjV4AlwGDKx6Gwn8qSs3og1vZKCkWKxrjXH ApvBKkOQYONVgxHxmRaDpSCfYhYese2G+0odS/oczapyCgxBMgc39Vqb0QNhjUXoJjYl t6UwBR8Cr4Vj1GTAR/iqtVHVSzSAfPynkjqWrT4WN/sAYjef3lCmv1nMeaI6Ptq/lcjD jeFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=EaMAkycvl70h4dIDMYLZZVBEzJaW3OtjKlepDooSSxA=; b=IM42pZKYxyR5kKPF1X5D3PJlJGUU5aIdwuS1qOd1a0d3g6ela6TLrtAiLhi4AHFhzy riixoK4x9i3sezlMGWA3Lk6u7eEnSvSLNOlx+g8NaHXt2qZQbKrk1otFs0/Ga6GikvAV sc3lsUh3I5XRQKbYhZZ8Ut6VLAP0HqFN+yyZLgBHA1uoD7fY1Vi6wmUXqmriVnNcuhnw mWRUvi7tp0KjHsSqGh0d3Rq7oJtSbyQKa/0hlbOxliJedl69OTU9Aq1d8nXy1wUmr9Bd zVBvyYys/1fmedyQPa+An1RfDxzsOYO/TPWRb1iJDBGLEZp3flvXSvNZnarhHHhq1yQL CKhg==
X-Gm-Message-State: AN3rC/65e6kDeH4MdXZKIYjMpiFTc2MHRbwmp3PGMINm//ukTHgLu3WW a7LJfv6o3oMnIAZYH40=
X-Received: by 10.98.57.146 with SMTP id u18mr26191641pfj.9.1493049169274; Mon, 24 Apr 2017 08:52:49 -0700 (PDT)
Received: from Melindas-MacBook-Pro.local (63-140-90-74-radius.dynamic.acsalaska.net. [63.140.90.74]) by smtp.gmail.com with ESMTPSA id 66sm31717562pfg.14.2017.04.24.08.52.48 for <tls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Apr 2017 08:52:48 -0700 (PDT)
To: tls@ietf.org
References: <bea3cb60-fdfc-950f-f628-90eb87ed42ef@gmx.net> <20170421104857.GA20822@LK-Perkele-V2.elisa-laajakaista.fi> <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
From: Melinda Shore <melinda.shore@nomountain.net>
Message-ID: <ece25cec-986f-f359-6527-4273e895dafa@nomountain.net>
Date: Mon, 24 Apr 2017 07:52:46 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="MsUSBJlPW7rWPlqcLRtdNNxBbRmbSHrNP"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Iyrt3OvvO3vPgtbq6zIUUyEnSk4>
Subject: Re: [TLS] draft-rescorla-tls-subcerts-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2017 15:52:57 -0000
On 4/24/17 7:39 AM, Hannes Tschofenig wrote: >> There is enormous amount of red tape obtaining intermediates, even >> technically constrained ones. And as consequence, it is enormously >> expensive (through not nearly as expensive as public CA). > In essence you are doing this through the extension as well just using a > different format. In some sense the proposal is about having a trusted issuer who's not included in public trust stores, which is a reasonable goal (there's a fantastic amount of work, including external audits, in having your intermediate included in browser trust stores, etc.). We haven't had a good delegation story since, like, ever, but now there's a somewhat compelling use case (CDNs) that needs attention and will benefit from a solution. Melinda
- Re: [TLS] draft-rescorla-tls-subcerts-01 Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] draft-rescorla-tls-subcerts-01 Ilari Liusvaara
- [TLS] draft-rescorla-tls-subcerts-01 Hannes Tschofenig
- Re: [TLS] draft-rescorla-tls-subcerts-01 Salz, Rich
- Re: [TLS] draft-rescorla-tls-subcerts-01 Fossati, Thomas (Nokia - GB/Cambridge, UK)
- Re: [TLS] draft-rescorla-tls-subcerts-01 Ilari Liusvaara
- Re: [TLS] draft-rescorla-tls-subcerts-01 Salz, Rich
- Re: [TLS] draft-rescorla-tls-subcerts-01 Melinda Shore
- Re: [TLS] draft-rescorla-tls-subcerts-01 Hannes Tschofenig
- Re: [TLS] draft-rescorla-tls-subcerts-01 Fossati, Thomas (Nokia - GB/Cambridge, UK)