[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 30 July 2024 19:47 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YI9qD7trbF_hI0P-U9jFQ_dilyk>
I agree with this.

Also, the poll that was done at the TLS session is prone to being misunderstood. There was a poll about a preference between the two drafts, but the question of whether either of the drafts is necessary was skipped. I don't think it's fair to do a presumptive close on that unaddressed question. Someone asked on the chat, something along the lines of "does anyone other than Chrome want this?" So the question is out there and deserves an intelligent answer.

I happen to be one of the people who perhaps does want something like this, but I want to have a full discussion on where we're going and why, instead of prematurely focusing on any particular draft or solution before we know what problem(s) we're trying to solve.

I realize Google has spilled a lot of electrons on these questions, and I think everyone deserves an appropriate amount of time to digest and think through the complex issues these drafts raise. And I think an interim to focus on clarifying these important issues would be helpful.

-Tim

> -----Original Message-----
> From: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>
> Sent: Monday, July 29, 2024 1:49 PM
> To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List <tls@ietf.org>
> Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
>
> I agree that an interim meeting would be useful. It seems unlikely that we will make much progress on the mailing list alone.
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> Sent: Monday, July 29, 2024 9:00 AM
> To: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List <tls@ietf.org>
> Subject: [EXTERNAL] [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
>
> >The Trust Anchor Identifiers draft was first published only 4 weeks
> >ago, received less than 10 minutes of discussion in the meeting
>
> I strongly agree with this. Well, actually, everyone should be able to agree with this because it's two factual statements. :)
>
> I think the challenge of having an interim will be that one group will want to discuss the details of the proposal, while another group will want to discuss the details of the problem we are trying to solve. I hope the chairs will be able to make things explicit and keep the discussions on-topic.
>
> If the authors share Sophie's opinion, they could withdraw the Trust Expressions draft and just leave Trust Anchors as something to be discussed.
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org