Re: [TLS] Martin Duke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

Sean Turner <sean@sn3rd.com> Fri, 27 May 2022 16:22 UTC

From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <165332358036.50360.16927014968631988994@ietfa.amsl.com>
Date: Fri, 27 May 2022 12:22:42 -0400
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-subcerts@ietf.org, TLS Chairs <tls-chairs@ietf.org>, TLS List <tls@ietf.org>, Joe Salowey <joe@salowey.net>
Message-Id: <1EA0292B-E2C0-4439-9E44-7497FCBF9780@sn3rd.com>
References: <165332358036.50360.16927014968631988994@ietfa.amsl.com>
To: Martin Duke <martin.h.duke@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lTkwBCQfsRY7HRmqNVK10QV0fNc>
Subject: Re: [TLS] Martin Duke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)


> On May 23, 2022, at 12:33, Martin Duke via Datatracker <noreply@ietf.org> wrote:
> 
> Martin Duke has entered the following ballot position for
> draft-ietf-tls-subcerts-14: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> A question to remedy my ignorance of ASN.1:
> 
> How customary is it for the final standard to use an ASN.1 codepoint from
> Cloudflare's private namespace? In other contexts I would expect change control
> to lie with a more public institution.
> 
> Put another way, what would happen if Cloudflare were purchased by EvilCorp one
> day?

I believe the WG did discuss switching the OID to the PKIX arc, but an OID is like your age - it’s just a number. Once assigned, nobody can really take it back. As for how common it is, it happens - I am hesitant to say all the time, but it is not uncommon. There are OIDs for modules, extensions, and algorithms out of company arcs and gov’t arcs. E.g.,

Digest algorithms: SHA* -> Gov’t arc.
X25519, X448, Ed25519, Ed448 (RFC 8410) -> Thawte arc.
TAMP (RFC 5934) -> Gov’t arc.

I am sure there are more.

spt
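To make the "it's just a number" point concrete, here is an added example (not code from the thread or from the subcerts draft) that DER-encodes and decodes ASN.1 OBJECT IDENTIFIERs and looks up which arc a given OID sits under. The arc table is a constructed lookup for the examples named in the reply: the Cloudflare private enterprise number 44363 used by the delegation-usage extension (RFC 9345), NIST's SHA-2 arc, the Thawte arc from RFC 8410, and the PKIX arc; it is an assumption that these prefixes are the only ones a reader cares about.

```python
"""DER OID encode/decode plus a registrant lookup by arc prefix (added example)."""

# Constructed lookup: most specific prefix first. Ownership of an arc is
# a registry fact, not something DER or TLS enforces at runtime.
ARCS = [
    ("1.3.6.1.4.1.44363", "Cloudflare (IANA private enterprise number 44363)"),
    ("1.3.6.1.4.1", "IANA private enterprise arc (assigned per company)"),
    ("2.16.840.1.101.3.4", "NIST CSOR (US government) - SHA-2 family etc."),
    ("1.3.101", "Thawte arc - X25519/X448/Ed25519/Ed448 (RFC 8410)"),
    ("1.3.6.1.5.5.7", "PKIX arc (IETF change control)"),
]

def encode_oid(dotted: str) -> bytes:
    """Return the DER TLV (tag 0x06, short-form length) for a dotted OID."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: bad first two arcs")
    values = [arcs[0] * 40 + arcs[1]] + arcs[2:]  # first two arcs are merged
    body = bytearray()
    for v in values:
        chunk = [v & 0x7F]          # base-128, big-endian; continuation bit on
        v >>= 7                     # every octet except the last of each value
        while v:
            chunk.append((v & 0x7F) | 0x80)
            v >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der: bytes) -> str:
    """Parse a short-form DER OID TLV back into dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form DER OID")
    values, acc, pending = [], 0, False
    for b in der[2:]:
        acc, pending = (acc << 7) | (b & 0x7F), bool(b & 0x80)
        if not pending:
            values.append(acc)
            acc = 0
    if pending:
        raise ValueError("truncated subidentifier")
    first = values[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(v) for v in head + values[1:])

def registrant(dotted: str) -> str:
    """Longest-prefix match of an OID against the constructed arc table."""
    for prefix, owner in ARCS:
        if dotted == prefix or dotted.startswith(prefix + "."):
            return owner
    return "unknown arc"
```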