[TLS] Fwd: New Version Notification for draft-davidben-tls-trust-expr-00.txt
David Benjamin <davidben@chromium.org> Thu, 19 October 2023 15:38 UTC
From: David Benjamin <davidben@chromium.org>
Date: Thu, 19 Oct 2023 11:38:33 -0400
To: "<tls@ietf.org>" <tls@ietf.org>
Cc: Devon O'Brien <asymmetric@google.com>, bbe@chromium.org
Subject: [TLS] Fwd: New Version Notification for draft-davidben-tls-trust-expr-00.txt
Message-ID: <CAF8qwaBCF-0dE2D+gk3vBnnLQ-SWuER_Nboo1OUhP9iqE3hrZQ@mail.gmail.com>
In-Reply-To: <169772976566.3300.76695789086640793@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jpVMGyTeYhM8vLTTkteYlxXbh7c>
Hi all,

We just published a document on certificate negotiation. It's a TLS extension, which allows the client to communicate which trust anchors it supports, primarily focused on use cases like the Web PKI where trust stores are fairly large. There is also a supporting ACME extension, to allow CAs to provision multiple certificate chains on a server, with enough metadata to match against what the client sends. (It also works in the other direction for client certificates.)

The hope is this can build towards a more agile and flexible PKI. In particular, the Use Cases section of the document details some scenarios (e.g. root rotation) that can be made much more robust with it.

It's very much a draft-00, but we're eager to hear your thoughts on it!

David, Devon, and Bob

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Thu, Oct 19, 2023 at 11:36 AM
Subject: New Version Notification for draft-davidben-tls-trust-expr-00.txt
To: Bob Beck <bbe@google.com>, David Benjamin <davidben@google.com>, Devon O'Brien <asymmetric@google.com>

A new version of Internet-Draft draft-davidben-tls-trust-expr-00.txt has been successfully submitted by David Benjamin and posted to the IETF repository.

Name: draft-davidben-tls-trust-expr
Revision: 00
Title: TLS Trust Expressions
Date: 2023-10-19
Group: Individual Submission
Pages: 35
URL: https://www.ietf.org/archive/id/draft-davidben-tls-trust-expr-00.txt
Status: https://datatracker.ietf.org/doc/draft-davidben-tls-trust-expr/
HTML: https://www.ietf.org/archive/id/draft-davidben-tls-trust-expr-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-davidben-tls-trust-expr

Abstract:

This document defines TLS trust expressions, a mechanism for relying parties to succinctly convey trusted certification authorities to subscribers by referencing named and versioned trust stores. It also defines supporting mechanisms for subscribers to evaluate these trust expressions, and select one of several available certification paths to present. This enables a multi-certificate deployment model, for a more agile and flexible PKI that can better meet security requirements.

The IETF Secretariat
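As an added illustration of the selection step the announcement and abstract describe (a client names a versioned trust store, a server holding several certification paths with matching metadata picks one), the following Python model is not code from the draft or its authors. The data shapes, the store name "example-store", the version numbers and the chain contents are all constructed assumptions; the draft's actual wire encoding is not reproduced. The sample plays through the root-rotation case the message mentions: a new root that older trust-store versions do not yet contain, and an old root that newer versions have dropped.

```python
"""Illustrative model of trust-expression based certificate selection.

Constructed example. The structures below are an abstraction assumed
for this illustration, not the wire format of draft-davidben-tls-trust-expr.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustExpression:
    """What the relying party (client) advertises: the name of a trust
    store and the version of that store it ships. (Assumed shape.)"""
    store_name: str
    version: int


@dataclass(frozen=True)
class CertificationPath:
    """One chain the subscriber (server) could present, plus metadata
    (as a CA might provision via ACME) saying which versions of which
    trust stores include the chain's root. Values are assumed."""
    label: str
    chain: tuple          # constructed placeholders standing in for DER certs
    inclusions: dict      # store_name -> (first_version, last_version or None)


def path_is_trusted(path, expr):
    """True if the advertised store version contains this path's root."""
    rng = path.inclusions.get(expr.store_name)
    if rng is None:
        return False          # client's store never carried this root
    first, last = rng
    if expr.version < first:
        return False          # client predates the root's inclusion
    if last is not None and expr.version > last:
        return False          # client's store has since removed the root
    return True


def select_path(paths, client_exprs, default):
    """Server-side choice: the first configured path (in server
    preference order) trusted by any expression the client sent.
    A client that sent no usable expression gets the default chain,
    exactly as a client without the extension would."""
    for path in paths:
        if any(path_is_trusted(path, e) for e in client_exprs):
            return path
    return default


# Constructed root-rotation scenario for store "example-store":
#   versions 1..5 carry the old root; versions 3 onward carry the new one.
NEW_ROOT_PATH = CertificationPath(
    label="new-root",
    chain=("leaf", "new-intermediate", "new-root"),
    inclusions={"example-store": (3, None)},
)
OLD_ROOT_PATH = CertificationPath(
    label="old-root",
    chain=("leaf", "old-intermediate", "old-root"),
    inclusions={"example-store": (1, 5)},
)
PATHS = [NEW_ROOT_PATH, OLD_ROOT_PATH]   # server prefers the new chain
DEFAULT = OLD_ROOT_PATH                  # served to clients that say nothing


def demo():
    """Return the chosen label for a few constructed client populations."""
    return {
        "up-to-date client (v4)": select_path(
            PATHS, [TrustExpression("example-store", 4)], DEFAULT).label,
        "stale client (v2)": select_path(
            PATHS, [TrustExpression("example-store", 2)], DEFAULT).label,
        "client after old root removed (v7)": select_path(
            PATHS, [TrustExpression("example-store", 7)], DEFAULT).label,
        "unknown store": select_path(
            PATHS, [TrustExpression("other-store", 1)], DEFAULT).label,
        "no extension": select_path(PATHS, [], DEFAULT).label,
    }


if __name__ == "__main__":
    for population, label in demo().items():
        print(f"{population}: serve {label}")
```

The point of the model is the fallback behaviour: the stale v2 client still gets a chain it can validate, the v7 client that has distrusted the old root is never handed it, and a client that advertises nothing is served exactly what it would have received before the extension existed, so deploying the new chain cannot regress anyone.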