[TLS] Re: Trust Anchor IDs and PQ
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 06 February 2025 01:44 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Rob Sayre <sayrer@gmail.com>, Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>
Date: Thu, 06 Feb 2025 01:44:40 +0000
CC: Dennis Jackson <ietf=40dennis-jackson.uk@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Re: Trust Anchor IDs and PQ
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/aIfGvQxtA3dPxgwVFGQZMfVh1ZI>

Rob Sayre <sayrer@gmail.com> writes:

>Well, the other thing about HSTS is that it's specified to be only "for web
>sites" It is right in the first sentence.
>
>"This specification defines a mechanism enabling web sites..."
>
>I asked about this with regard to ACME, and they told me to get lost. Fine
>(also kind of funny), but we need to be careful about whether we're
>discussing TLS in general, or just web browsers.

Isn't that what 99% of TLS work is targeted at, with an occasional token
acknowledgement of non-web use? It's the same with HTTP, when HTTP/2 was
being standardised someone asked for a few minor tweaks to allow it to still
function as the universal substrate that HTTP 1.x is and was told "let them
eat HTTP 1.x". It was an explicit acknowledgement that we're only designing
this for the web, and nothing else matters, or possibly exists.

So there's always an implicit "this is intended for web use" unless
explicitly stated otherwise in the text.

Peter.

- [TLS] Trust Anchor IDs and PQ Eric Rescorla
- [TLS] Re: Trust Anchor IDs and PQ Bas Westerbaan
- [TLS] Re: Trust Anchor IDs and PQ Dennis Jackson
- [TLS] Re: Trust Anchor IDs and PQ Eric Rescorla
- [TLS] Re: Trust Anchor IDs and PQ Deirdre Connolly
- [TLS] Re: Trust Anchor IDs and PQ Bas Westerbaan
- [TLS] Re: Trust Anchor IDs and PQ Dennis Jackson
- [TLS] Re: Trust Anchor IDs and PQ Rob Sayre
- [TLS] Re: Trust Anchor IDs and PQ Nick Harper
- [TLS] Re: Trust Anchor IDs and PQ David Benjamin
- [TLS] Re: Trust Anchor IDs and PQ Peter Gutmann