From: Russ Housley <housley@vigilsec.com>
Date: Thu, 20 Aug 2020 12:01:15 -0400
Cc: IETF TLS <tls@ietf.org>
To: Nick Sullivan <nick@cloudflare.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/T0KUr6HiKuZ933rfTx6AqByQKJ8>
Subject: Re: [TLS] comments on draft-subcerts

There are many RFCs that use the PEM encoding to provide example certificates:
     -----BEGIN CERTIFICATE-----
     -----END CERTIFICATE-----

Others use the output of dumpasn1 from Peter Gutmann.

Either one would be fine with me.

Russ

> On Aug 19, 2020, at 10:32 PM, Nick Sullivan <nick@cloudflare.com> wrote:
>
> Thank you Russ and Rich for your comments,
>
> I've attempted to address the comments here: https://github.com/tlswg/tls-subcerts/pull/80, save for the one about the example extension.
>
> Russ, which format do you think would be most useful for the extension? I'm having a hard time finding another extension to model this after.
>
> On Fri, Aug 14, 2020 at 10:00 AM Russ Housley <housley@vigilsec.com> wrote:
> I have two comments:
>
> 1) The OID assignment for the ASN.1 module was assigned already by IANA. Please fill it in.
>
> 2) I think it would be very helpful to have an example of the extension in an Appendix. There was discussion on the list about it, and an error was found in the proposed example, which proves the need for an example.
>
> Russ
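
The two presentation formats named in this message, applied to the same bytes (an added example, not part of the original thread or of draft-subcerts): a PEM block is decoded and printed as a dumpasn1-style tree. The sample extension, its OID 2.999.1 (from the ASN.1 example arc), the PEM label and the function names are constructed for illustration; the output imitates dumpasn1's layout but is not produced by that tool, and only single-byte tags are handled.

```python
import base64
import re

TAGS = {0x04: "OCTET STRING", 0x05: "NULL", 0x06: "OBJECT IDENTIFIER", 0x30: "SEQUENCE"}
# Constructed sample, not from the draft: Extension { extnID 2.999.1, extnValue wraps NULL }.
# "EXAMPLE EXTENSION" is a made-up label; RFCs normally show whole CERTIFICATE blocks.
SAMPLE_PEM = """-----BEGIN EXAMPLE EXTENSION-----
MAkGA4g3AQQCBQA=
-----END EXAMPLE EXTENSION-----"""

def pem_to_der(pem):
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)

def decode_oid(body):
    arcs, value = [], 0
    for b in body:                       # base-128 digits, high bit = "more follows"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)        # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def dump(der, base=0, depth=0):          # returns lines: offset, length, indented type
    lines, pos = [], 0
    while pos < len(der):
        tag, length, hdr = der[pos], der[pos + 1], 2   # IndexError if cut short
        if length & 0x80:                # long-form length in the next n bytes
            hdr = 2 + (length & 0x7F)
            length = int.from_bytes(der[pos + 2:pos + hdr], "big")
        body = der[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError(f"element at offset {base + pos} is truncated")
        text, inner = TAGS.get(tag, f"[tag 0x{tag:02X}]"), []
        if tag & 0x20:                   # constructed: recurse into the contents
            inner = dump(body, base + pos + hdr, depth + 1)
        elif tag == 0x06:
            text += " " + decode_oid(body)
        elif tag == 0x04:                # extnValue is an OCTET STRING wrapping DER
            try:
                inner = dump(body, base + pos + hdr, depth + 1)
                text += ", encapsulates"
            except (ValueError, IndexError):
                text += " " + body.hex()
        lines.append(f"{base + pos:4d} {length:3d}: {'  ' * depth}{text}")
        lines += inner
        pos += hdr + length
    return lines
```

Calling `dump(pem_to_der(SAMPLE_PEM))` returns four lines (SEQUENCE, OBJECT IDENTIFIER, OCTET STRING, NULL) with their byte offsets and lengths, which is the kind of detail that lets a reader catch an encoding error that the PEM form alone hides.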

