[TLS] ASN.1 in draft-ietf-tls-trust-anchor-ids
Russ Housley <housley@vigilsec.com> Mon, 12 May 2025 20:45 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 794DD27BC431; Mon, 12 May 2025 13:45:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H8ZshZDvuzDv; Mon, 12 May 2025 13:45:01 -0700 (PDT)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 007EC27BC424; Mon, 12 May 2025 13:45:01 -0700 (PDT)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id C7B771A2BAD; Mon, 12 May 2025 16:45:00 -0400 (EDT)
Received: from smtpclient.apple (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 9F80B1A2E1C; Mon, 12 May 2025 16:45:00 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.500.181.1.5\))
Message-Id: <02C4002B-5DEF-4FAB-AF1A-496AF83D746F@vigilsec.com>
Date: Mon, 12 May 2025 16:44:50 -0400
To: draft-ietf-tls-trust-anchor-ids@ietf.org
X-Mailer: Apple Mail (2.3826.500.181.1.5)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=from:content-type:content-transfer-encoding:mime-version:subject:message-id:date:cc:to; s=pair-202402141609; bh=X1YtU7GRMND/00FbxIJOeLsyggKSv77T5bsMbf9Vt5Q=; b=qDcW4qRs7OvNWs2+uyDfGpK18wAcc0cKdkvDrohtL9wyTh9DHn109iF+NSM05EiK66QLjE4ChnnobAkY5bW52+QziWefZh9P0XxkErDgviMlVJcZMyAwXnvHelm8mlDmMXbGeytVuMky16sPhvDd8QORWgQbJ0gCj5JxXPL9fTVntYolpPp/e+vkIzVnIdgcjXsW+q7ZHDQKNCKoN+uKp6dJF/VZAL8Sn9dgN5tYekA1pOutE7oXkrI6dQ8DDWNfegzgOGdmIR/6GxcHZGjlYpUzt3IYbWE79yRdxxmC/ycz4qta29n72UU6Er6nFg8PiHN3I8JYCAR1E0ba8RgtYA==
X-Scanned-By: mailmunge 3.09 on 66.39.134.11
Message-ID-Hash: SZHHU5CHKKMB5YI4D755BAFDVG5WMO4B
X-Message-ID-Hash: SZHHU5CHKKMB5YI4D755BAFDVG5WMO4B
X-MailFrom: housley@vigilsec.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF TLS <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] ASN.1 in draft-ietf-tls-trust-anchor-ids
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MYIiD9oqLVET_uOQCVJBed13QYE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Please include a full ASN.1 module in the document that follows the RFC 5912 conventions for defining extensions. I have attached it.
I have assumed that the module identifier and the OID for the extension will be assigned from thr PKIX registries.
Russ
= = = = = = =
<CODE BEGINS>
TrustAnchorIdentifiers-2025
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-TrustAnchorIdentifiers-2025(TBD1) }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
EXTENSION
FROM PKIX-CommonTypes-2009 -- From [RFC5912]
{ iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-mod-pkixCommon-02(57) };
-- Trust Anchor Identifiers Certificate Extension
ext-TrustAnchorIdentifiers EXTENSION ::= {
SYNTAX TrustAnchorIdentifier
IDENTIFIED BY id-pe-trustAnchorIdentifier }
id-pe-trustAnchorIdentifier OBJECT IDENTIFIER ::= { TBD2 }
TrustAnchorIdentifier ::= RELATIVE-OID
END
<CODE ENDS>
- [TLS] Re: ASN.1 in draft-ietf-tls-trust-anchor-ids Russ Housley
- [TLS] ASN.1 in draft-ietf-tls-trust-anchor-ids Russ Housley
- [TLS] Re: ASN.1 in draft-ietf-tls-trust-anchor-ids David Benjamin
- [TLS] Re: ASN.1 in draft-ietf-tls-trust-anchor-ids David Benjamin