Re: [TLS] [EXTERNAL] Re: Adoption call for TLS Flag - Request mTLS

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 03 April 2024 12:07 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Watson Ladd <watsonbladd@gmail.com>, Eric Rescorla <ekr@rtfm.com>
CC: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>, TLS List <tls@ietf.org>
Date: Wed, 03 Apr 2024 12:07:16 +0000
Message-ID: <MW2PR2101MB1083FC742531255E548BDA9E8C3D2@MW2PR2101MB1083.namprd21.prod.outlook.com>
References: <8957179A-14D2-4947-B196-B68988B0E3CA@sn3rd.com> <CAG2Zi20wUSFMFUiySQMoM08hpvLY3eLe_F8sWDG+F7T7=E0SOw@mail.gmail.com> <CABcZeBPgmrDo37sRpRos6pFkeoG6QjMGeLhYkpXCHsEw7GCtYQ@mail.gmail.com> <CACsn0cmP9_2zufm0dmgkQJkpwn=b7Y2cZ13N_zDfhggLYunMRQ@mail.gmail.com>
In-Reply-To: <CACsn0cmP9_2zufm0dmgkQJkpwn=b7Y2cZ13N_zDfhggLYunMRQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/X8X038YSfB0bvcl4Ht1JRiiVbUc>
Subject: Re: [TLS] [EXTERNAL] Re: Adoption call for TLS Flag - Request mTLS

  *   Well, don't we want to say how this is supposed to work somewhere? I doubt this will take much time.
The authors may want to, but could this be an independent submission, rather than WG item? It seems that the real goal here is to enable a specific scenario between a cloud provider and a search engine… Furthermore, it appears that the authors recommend against general-purpose TLS stacks implementing this:

  *   Recommended shall be set to no (N)

Cheers,

Andrei

From: TLS <tls-bounces@ietf.org> On Behalf Of Watson Ladd
Sent: Tuesday, April 2, 2024 10:37 PM
To: Eric Rescorla <ekr@rtfm.com>
Cc: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>; TLS List <tls@ietf.org>
Subject: [EXTERNAL] Re: [TLS] Adoption call for TLS Flag - Request mTLS


On Tue, Apr 2, 2024, 5:08 PM Eric Rescorla <ekr@rtfm.com> wrote:
Adoption should not be required to register a code point [0], as the policy is Specification Required.

I'm mildly negative on adopting this document. What is the reason we need to spend WG time on this, rather than just having a code point assignment?

Well, don't we want to say how this is supposed to work somewhere? I doubt this will take much time.

-Ekr

[0] As an aside the IANA considerations of draft-ietf-tls-tlsflags-13 should clearly have
a policy which matches 8447 S 7, which is to say that an I-D is sufficient.


On Tue, Apr 2, 2024 at 12:59 PM Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org> wrote:
I'd like to see this problem solved. There was some discussion about whether an I-D is needed or all we needed was to register a code point somewhere. If most agree that an I-D is needed, then let's adopt it. I'm happy to review.

Chris P.

On Tue, Apr 2, 2024 at 12:22 PM Sean Turner <sean@sn3rd.com> wrote:
At the IETF 119 TLS session there was some interest in the mTLS Flag I-D (https://datatracker.ietf.org/doc/draft-jhoyla-req-mtls-flag/); also, see previous list discussions at [0]. This message is to judge consensus on whether there is sufficient support to adopt this I-D.  If you support adoption and are willing to review and contribute text, please send a message to the list.  If you do not support adoption of this I-D, please send a message to the list and indicate why.  This call will close on 16 April 2024.

Thanks,
Deirdre, Joe, and Sean

[0] https://mailarchive.ietf.org/arch/msg/tls/9e2S95H9YgtHp5HhqdlNqmQP0_w/
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls