Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

Sean Turner <sean@sn3rd.com> Thu, 18 May 2017 22:58 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <601C7C89-F149-4E97-A474-C128041925EA@sn3rd.com>
Date: Thu, 18 May 2017 18:53:28 -0400
Cc: lurk@ietf.org
Message-Id: <0956863E-7D11-47A7-BD67-5D9DB3A3574A@sn3rd.com>
References: <601C7C89-F149-4E97-A474-C128041925EA@sn3rd.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/dtpozAnQ-3i_Vpn2bTqhdJ8ulnU>
Subject: Re: [TLS] WG Call for adoption of draft-rescorla-tls-subcerts

All,

During the WG call for adoption, a couple of questions were raised about comparison/analysis of sub-certs versus proxy and/or short-lived certificates.  There is some discussion currently in the draft, but the chairs feel that these issues need further discussion (and elaboration in the draft) prior to WG adoption.  So let’s keep the conversation going.

J&S

> On Apr 12, 2017, at 15:31, Sean Turner <sean@sn3rd.com> wrote:
> 
> All,
> 
> At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts [0].  We need to confirm this support on the list so please let the list know whether you support adoption of the draft and are willing to review/comment on the draft before 20170429.  If you object to its adoption, please let us know why.
> 
> Clearly, the WG is going to need to work through the trade-offs between short-lived certificates and sub-certs because both seem, to some, to be addressing the same problem. 
> 
> Cheers,
> 
> J&S
> 
> [0] https://datatracker.ietf.org/doc/html/draft-rescorla-tls-subcerts