Re: [TLS] comments on draft-subcerts

Russ Housley <housley@vigilsec.com> Thu, 20 August 2020 16:01 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <EC4F759B-715F-4C98-B15D-BA6FCED70DDC@vigilsec.com>
Date: Thu, 20 Aug 2020 12:01:15 -0400
In-Reply-To: <CAFDDyk8xNp7YbSJSNhNuxcbf7r8XFt_Lds8XnW7X63pqEVNgyA@mail.gmail.com>
Cc: IETF TLS <tls@ietf.org>
To: Nick Sullivan <nick@cloudflare.com>
References: <A2E098AE-6ACE-4999-ADF2-5C1211E70CCB@akamai.com> <FC3B9E6E-7F14-4585-97F0-845A049AD001@vigilsec.com> <CAFDDyk8xNp7YbSJSNhNuxcbf7r8XFt_Lds8XnW7X63pqEVNgyA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T0KUr6HiKuZ933rfTx6AqByQKJ8>
Subject: Re: [TLS] comments on draft-subcerts

There are many RFCs that use the PEM encoding to provide example certificates:
     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----

Others use the output of dumpasn1 from Peter Gutmann.

Either one would be fine with me.

Russ
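An added illustration, not code from this thread or from the draft: a dependency-free decoder that takes a PEM-armored block, walks the DER, and checks that it decodes as an X.509 Extension (extnID, critical, extnValue), which is the kind of check that would have caught the error in the earlier proposed example. The sample blob is hand-built and uses the well-known basicConstraints OID 2.5.29.19 as a stand-in, since the draft's own extension OID is not quoted in this message.

```python
import base64
import re

# Constructed sample, not a real certificate: DER for one X.509 Extension,
#   SEQUENCE { OID 2.5.29.19, BOOLEAN TRUE, OCTET STRING { SEQUENCE { BOOLEAN TRUE } } }
SAMPLE_DER = bytes.fromhex("300f0603551d130101ff040530030101ff")
SAMPLE_PEM = "-----BEGIN EXTENSION-----\n%s\n-----END EXTENSION-----\n" % base64.b64encode(SAMPLE_DER).decode()

def pem_to_der(text, label):
    """Pull one PEM block with the given label out of text and base64-decode it."""
    m = re.search(r"-----BEGIN %s-----(.*?)-----END %s-----" % (re.escape(label), re.escape(label)), text, re.S)
    if not m:
        raise ValueError("no PEM block labelled " + label)
    return base64.b64decode("".join(m.group(1).split()))

def read_tlv(data, pos):
    """Parse one DER tag-length-value starting at pos; returns (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):  # reject lengths that run past the buffer
        raise ValueError("length runs past end of data")
    return tag, data[pos:pos + length], pos + length

def decode_oid(value):
    """Turn OID content octets into dotted form (first octet = 40*a + b, then base-128 arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_extension(der):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    _, oid, pos = read_tlv(body, 0)
    tag, value, pos = read_tlv(body, pos)
    critical = tag == 0x01 and value == b"\xff"  # DEFAULT FALSE: DER omits it unless TRUE
    if tag == 0x01:
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    return decode_oid(oid), critical, value
```

Running `parse_extension(pem_to_der(SAMPLE_PEM, "EXTENSION"))` on the sample returns the OID, the critical flag and the raw extnValue, so an appendix example can be compared field by field against what the ASN.1 module says it should contain.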

> On Aug 19, 2020, at 10:32 PM, Nick Sullivan <nick@cloudflare.com> wrote:
> 
> Thank you Russ and Rich for your comments,
> 
> I've attempted to address the comments here: https://github.com/tlswg/tls-subcerts/pull/80, save for the one about the example extension.
> 
> Russ, which format do you think would be most useful for the extension? I'm having a hard time finding another extension to model this after.
> 
> On Fri, Aug 14, 2020 at 10:00 AM Russ Housley <housley@vigilsec.com> wrote:
> I have two comments:
> 
> 1) The OID assignment for the ASN.1 module was assigned already by IANA.  Please fill it in.
> 
> 2) I think it would be very helpful to have an example of the extension in an Appendix.  There was discussion on the list about it, and an error was found in the proposed example, which proves the need for an example.
> 
> Russ