[TLS] draft-ietf-tls-trust-anchor-ids-00
David Benjamin <davidben@chromium.org> Fri, 28 February 2025 22:06 UTC
From: David Benjamin <davidben@chromium.org>
Date: Fri, 28 Feb 2025 17:05:53 -0500
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VWhEFjQrmeB75soI_QvApCL0KOA>
Hi all,

We recently published draft-ietf-tls-trust-anchor-ids-00:

URL: https://www.ietf.org/archive/id/draft-ietf-tls-trust-anchor-ids-00.txt
Status: https://datatracker.ietf.org/doc/draft-ietf-tls-trust-anchor-ids/
HTML: https://www.ietf.org/archive/id/draft-ietf-tls-trust-anchor-ids-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-tls-trust-anchor-ids

Other than the name change, it's the same as draft-beck-tls-trust-anchor-ids-03, which we discussed recently. The repository has also moved to https://github.com/tlswg/tls-trust-anchor-ids with some shuffling[1,2] since it used to be the home of a predecessor design as well. Hopefully we haven't missed anything[3]!

Bangkok is soon, so we don't have a whole lot for you right now, but we've been pondering how best to iterate on the starting point here. To that end, we're thinking:

- Where the document doesn't do a great job of describing the initial starting design, we'll go ahead and make editorial fixes (e.g. https://github.com/tlswg/tls-trust-anchor-ids/issues/92) as reviewed PRs and whatnot.

- Beyond that, we've been collecting points of interest from the various discussions. Nothing coherent yet (been a busy week), but I've requested some time at Bangkok to try to present and go over things. In the work leading up to draft-00, we made a lot of educated guesses on tradeoffs, and I'm particularly eager to reexamine those guesses with a broader perspective.

- (Your thoughts here!)

Finally, some of us are looking at some initial prototyping. As the current design touches several entities in the ecosystem, it seems valuable to get some experience early, to help guide this work. To that end, we've started a table of initial trust anchor ID allocations in the repository. (As with all other work at this stage in this WG, this is all for initial prototyping, to be replaced with wherever things settle. Perhaps we'll decide to use a different ID allocation scheme, or something else entirely. But this seemed a coherent enough place to start gathering experience for the WG, and I'd rather have information like initial IDs somewhere broadly accessible.)

David

[1] https://github.com/tlswg/tls-trust-anchor-ids/pull/93
[2] https://github.com/tlswg/tls-trust-anchor-ids/pull/94
[3] I noticed the draft isn't marked as replacing draft-beck-tls-trust-anchor-ids in the datatracker. I think that's something only the chairs can fix? Chairs, do you all mind pushing that button? Thanks!