[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120

Dennis Jackson <ietf@dennis-jackson.uk> Mon, 29 July 2024 14:18 UTC

Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E2BAC14F5F4 for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 07:18:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7TNJGsv2aGCD for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 07:18:29 -0700 (PDT)
Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [80.241.56.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6217C14F5EE for <tls@ietf.org>; Mon, 29 Jul 2024 07:18:28 -0700 (PDT)
Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4WX4Bc0PGgz9tWL for <tls@ietf.org>; Sun, 28 Jul 2024 16:49:12 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1722178152; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FTmu0tmUk7iDS2m9Zsu4Grr5CCcmwA5v1hMiTFZOtj4=; b=m883c2jJEO8rAh7VeoJXhrjCEC8IthkW+3MAmv8qXtrpe703Vcnb5nQ+BLoTOc6xALf8Ex lzDQs8QO7W9FUJNnPHA0pI/SzTzhYqh5smJ+KRgeezqnalJgdeKQ85qoDprVJmOk8CBMin 9HozB4mH4SMLDoigllPK3H22CEZQv0v7FSTuf94f1vRRp+bg6bn7R/+aKDfW6g+Xs3Ms7b qwxYjhjYbhfdhpzSfhp1G+DzhHGLL/FoVd8UPxyjyAEqI5PsrwERDbW+MTUO/wXQPzfBA/ aKukVmRAPdrJElqIU8E8v3yJqzoTTjQ4aHQKIgiERoCmJq4ZILbLpvVIpLSFAw==
Message-ID: <3bc7197e-e830-4a7f-92b3-5d15cd44b6b3@dennis-jackson.uk>
MIME-Version: 1.0
From: Dennis Jackson <ietf@dennis-jackson.uk>
To: TLS List <tls@ietf.org>
References: <d1589f89-35cb-489f-b195-30feb3e7e40f@dennis-jackson.uk> <SN7PR14MB6492663C2AE4A15639D62F5583AA2@SN7PR14MB6492.namprd14.prod.outlook.com> <e7aee41a-0df4-4048-8692-6805d06cfadd@dennis-jackson.uk> <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
Content-Language: en-US
In-Reply-To: <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: YTPROD6VGBQGDOJD646O3R2RU3LPM2OV
X-Message-ID-Hash: YTPROD6VGBQGDOJD646O3R2RU3LPM2OV
X-MailFrom: ietf@dennis-jackson.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XvHLipYfl4l7LaMihsiHQv9WQ2U>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Date: Mon, 29 Jul 2024 14:18:33 -0000
X-Original-Date: Sun, 28 Jul 2024 15:49:10 +0100

On 26/07/2024 15:24, Sophie Schmieg wrote:

> I don't think trust anchor negotiation needs a lot more discussion, 
> over what has happened already. All in all, I think it's a good 
> mechanism that is fairly well defined and it's not clear to me how it 
> would benefit from an interim.

The Trust Anchor Identifiers draft was first published only 4 weeks ago, 
received less than 10 minutes of discussion in the meeting and has a lot 
of unaddressed issues.

We would have had more time to discuss these issues if the author's 
presentation had focused on their new draft, rather than splitting the 
limited time with Trust Expressions, which I think we already knew was 
not going to be a viable option.

Many participants in the meeting expressed a preference for an interim 
so I would be surprised if there was a rough consensus for adoption. 
Especially as the concerns are fundamental to the design rather than 
about issues which could be addressed later.

However, I'm sure the chairs will be gauging the mood based on their own 
conversations with WG participants and deciding accordingly.

> PQ TLS on the other hand has a lot of open questions about things like 
> different variants of Merkle Tree Certificates that I would love to 
> flesh out further.

I completely agree, though I think the first task will be getting a 
shared understanding of the challenges and requirements, but I'm excited 
to talk about the different variants of MTC as well.

Best,
Dennis

N.B. I had to re-type this message. I"m not sure if the original is 
going to show up on the list or not.