[TLS] Re: Adoption Call for Trust Anchor IDs
Bob Beck <beck@obtuse.com> Wed, 15 January 2025 16:25 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/eIBBY_12j-xiRJU2BUovc8T7oQk>
Rather obviously, I support adoption. I believe TAI is a good starting point for a practical solution for the problem we agreed was a useful thing to solve at the interim.

> On Jan 15, 2025, at 8:59 AM, Joseph Salowey <joe@salowey.net> wrote:
>
> At the trust tussle Interim in October we had consensus that the working group was interested in working on the following problem:
>
> "Avoid client trust conflicts by enabling servers to reliably and efficiently support clients with diverse trust anchor lists, particularly in larger PKIs where the existing certificate_authorities extension is not viable"
>
> After IETF 121, we asked for submissions for possible working group adoption as a starting point for this work. We received two submissions:
>
> [1] Trust Anchor Identifiers, draft-beck-tls-trust-anchor-ids-03
> [2] Trust is non-negotiable, draft-jackson-tls-trust-is-nonnegotiable-00
>
> [1] defines a new protocol mechanism, while [2] provides an explanation of why the mechanism in [1] may not be needed and may be problematic. Since the second draft does not define a protocol mechanism we are not considering it for adoption, but we request that working group members review both documents and use [2] as input into determining whether we should adopt [1] as a working group item. Adoption as a working group item means the working group has change control over and can modify it as necessary; an adopted document is only a starting point. Please respond to this thread if you think the document should be adopted as a working group item. If you think the document is not appropriate for adoption please indicate why. This adoption call will close on February 7, 2025. Also please remember to maintain professional behavior and keep the discussion focused on technical issues.
>
> Thanks,
>
> Sean, Deirdre and Joe
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-leave@ietf.org