[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
Dennis Jackson <ietf@dennis-jackson.uk> Mon, 29 July 2024 14:12 UTC
Return-Path: <ietf@dennis-jackson.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50E13C14F6BA for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 07:12:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dennis-jackson.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Qe0gU7dDvoM for <tls@ietfa.amsl.com>; Mon, 29 Jul 2024 07:12:43 -0700 (PDT)
Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E89BCC14F5EA for <tls@ietf.org>; Mon, 29 Jul 2024 07:12:42 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4WWl2r34cpz9tcR for <tls@ietf.org>; Sun, 28 Jul 2024 03:56:20 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dennis-jackson.uk; s=MBO0001; t=1722131780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eRNE5Mv0q1ZpdVDjpOwU2y7iafrmaA3rBBevQgyBG/k=; b=0i8D9ZHs08uHKcJMNhzvNfwlUecVDUYbZSlWuVFlCt4DZnMq9qKSAMj7CUgQwsCyzamAso KSJnJBuwNqq/4v56CQ3alRBl2pTFP11uv4bqHYjMpVXMa45bNl/D6jdk3/Mzf/+575614t LaHHngTNs77ABt7/yaRcNfR+JZ3w81FDOJdc4QMYN1R2U9zyA6CaxQFC4jLvxB92RMbrGY 4Pj3AYi/4iP+QLlrk11SHn4xrpb+Ert0GaTsDQCRl1zmFM/kmfnMuxapaVRyKZWOuc7dmp JVJsSWSeufCVJbVZhHUo0uJyLNFBoPocfU2FTsRwBtbHtiUHF//myFHcipYVAw==
Message-ID: <37483eb9-baed-468e-94d0-bf5054f878e1@dennis-jackson.uk>
MIME-Version: 1.0
To: tls@ietf.org
References: <d1589f89-35cb-489f-b195-30feb3e7e40f@dennis-jackson.uk> <SN7PR14MB6492663C2AE4A15639D62F5583AA2@SN7PR14MB6492.namprd14.prod.outlook.com> <e7aee41a-0df4-4048-8692-6805d06cfadd@dennis-jackson.uk> <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
Content-Language: en-US
From: Dennis Jackson <ietf@dennis-jackson.uk>
In-Reply-To: <CAEEbLAa5bZ3zQX=A74THsxtgkryF4sCVCt1P+BTdDi9faraciw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4WWl2r34cpz9tcR
Message-ID-Hash: 5OFENTTEL6GVCJIZE5QO6LUGU2JI3G6R
X-Message-ID-Hash: 5OFENTTEL6GVCJIZE5QO6LUGU2JI3G6R
X-MailFrom: ietf@dennis-jackson.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/iV3Ncek0XeJZzT2LAQH8Sh6xXeE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
Date: Mon, 29 Jul 2024 14:12:47 -0000
X-Original-Date: Sat, 27 Jul 2024 18:56:17 -0700
On 26/07/2024 15:24, Sophie Schmieg wrote: > I don't think trust anchor negotiation needs a lot more discussion, > over what has happened already. All in all, I think it's a good > mechanism that is fairly well defined and it's not clear to me how it > would benefit from an interim. The Trust Anchor Identifiers draft was first published only 4 weeks ago, received less than 10 minutes of discussion in the meeting and has a lot of unaddressed issues. I feel that if the authors had chosen to focus their presentation on their new draft, rather than splitting their time slot with Trust Expressions, there would have been much more time for discussion at the end of the meeting. As I noted, many participants in the meeting expressed a preference for an interim so I would be surprised if there was support for adoption. Especially as the concerns I want to present are fundamental to the design rather than about issues which could be addressed later. However, I'm sure the chairs will gauge how close we are to a rough consensus on adoption based on their own conversations with the other WG participants. > PQ TLS on the other hand has a lot of open questions about things like > different variants of Merkle Tree Certificates that I would love to > flesh out further. If we want an interim, we should focus on that > question, and leave trust anchors out of the discussion, in my > opinion, moving them towards adoption instead of drawing out the > process even longer. I agree the scope of PQ TLS is much wider and will also need some substantial time to discuss. I think the first job will be figuring out problems we're trying to solve and our requirements, but I'm excited to talk about the different variants of MTC as well. Best, Dennis
- [TLS]Discussions on Trust Anchor Negotiation at I… Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Sophie Schmieg
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ryan Hurst
- [TLS]Re: Discussions on Trust Anchor Negotiation … Watson Ladd
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Salz, Rich
- [TLS]Re: Discussions on Trust Anchor Negotiation … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Dennis Jackson
- [TLS]Re: Discussions on Trust Anchor Negotiation … Tim Hollebeek
- [TLS]Re: Discussions on Trust Anchor Negotiation … Eric Rescorla
- [TLS]Re: [EXTERNAL] Re: Re: Discussions on Trust … Andrei Popov
- [TLS]Re: Discussions on Trust Anchor Negotiation … Ilari Liusvaara