[TLS] Fwd: New Version Notification for draft-ietf-tls-subcerts-09.txt

Nick Sullivan <nick@cloudflare.com> Fri, 26 June 2020 23:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lo0gEGRbckALZNj5guVKmH1-yhI>

TLSWG,

We have submitted draft-09 of the Delegated Credentials draft. This draft
incorporates the reviews of -07 from the WGLC process as well as changes
from draft-08 from the list that weren't covered during the WGLC.

Here's a quick summary of the changes:
   draft-09
   *  Fix section bullets in 4.1.3.
   *  Add operational considerations section for clock skew
   *  Add text around using an oracle to forge DCs in the future and
      past
   *  Add text about certificate extension vs EKU
   draft-08
   *  Include details about the impact of signature forgery attacks
   *  Copy edits for readability
   *  Fix section about DC reuse
   *  Incorporate feedback from Jonathan Hammell and Kevin Jacobs on the
      list

Best,
Nick

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Fri, Jun 26, 2020 at 4:47 PM
Subject: New Version Notification for draft-ietf-tls-subcerts-09.txt
To: Richard Barnes <rlb@ipv.sx>, Subodh Iyengar <subodh@fb.com>, Eric
Rescorla <ekr@rtfm.com>, Nick Sullivan <nick@cloudflare.com>



A new version of I-D, draft-ietf-tls-subcerts-09.txt
has been successfully submitted by Nick Sullivan and posted to the
IETF repository.

Name:           draft-ietf-tls-subcerts
Revision:       09
Title:          Delegated Credentials for TLS
Document date:  2020-06-26
Group:          tls
Pages:          18
URL:            https://www.ietf.org/internet-drafts/draft-ietf-tls-subcerts-09.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
Htmlized:       https://tools.ietf.org/html/draft-ietf-tls-subcerts-09
Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-09

Abstract:
   The organizational separation between the operator of a TLS endpoint
   and the certification authority can create limitations.  For example,
   the lifetime of certificates, how they may be used, and the
   algorithms they support are ultimately determined by the
   certification authority.  This document describes a mechanism by
   which operators may delegate their own credentials for use in TLS,
   without breaking compatibility with peers that do not support this
   specification.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat