[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 30 July 2024 19:47 UTC


I agree with this.

Also, the poll that was done at the TLS session is prone to being
misunderstood.

There was a poll about a preference between the two drafts, but the question
of whether either of the drafts is necessary was skipped. I don't think it's
fair to do a presumptive close on that unaddressed question.

Someone asked on the chat, something along the lines of "does anyone other
than Chrome want this?" So the question is out there and deserves an
intelligent answer.

I happen to be one of the people who perhaps does want something like this,
but I want to have a full discussion on where we're going and why, instead of
prematurely focusing on any particular draft or solution before we know what
problem(s) we're trying to solve.

I realize Google has spilled a lot of electrons on these questions, and I
think everyone deserves an appropriate amount of time to digest and think
through the complex issues these drafts raise.

And I think an interim to focus on clarifying these important issues would be
helpful.

-Tim

> -----Original Message-----
> From: Andrei Popov <Andrei.Popov=40microsoft.com@dmarc.ietf.org>
> Sent: Monday, July 29, 2024 1:49 PM
> To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>; Dennis Jackson
> <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List <tls@ietf.org>
> Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
>
> I agree that an interim meeting would be useful. It seems unlikely that we
> will make much progress on the mailing list alone.
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> Sent: Monday, July 29, 2024 9:00 AM
> To: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>; TLS List
> <tls@ietf.org>
> Subject: [EXTERNAL] [TLS]Re: Discussions on Trust Anchor Negotiation at IETF
> 120
>
> >The Trust Anchor Identifiers draft was first published only 4 weeks
> >ago,  received less than 10 minutes of discussion in the meeting
>
> I strongly agree with this. Well, actually, everyone should be able to agree
> with this because it's two factual statements. :)
>
> I think the challenge of having an interim will be that one group will want
> to discuss the details of the proposal, while another group will want to
> discuss the details of the problem we are trying to solve. I hope the chairs
> will be able to make things explicit and keep the discussions on-topic.
>
> If the authors share Sophie's opinion, they could withdraw the Trust
> Expressions draft and just leave Trust Anchors as something to be discussed.
>
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org