[TLS] Re: PKI dynamics and trust anchor negotiation

David Benjamin <davidben@chromium.org> Thu, 06 February 2025 22:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/nRp_OaYGO_4kPDHZTdra0wSO-AM>

On Thu, Feb 6, 2025 at 4:40 PM Salz, Rich <rsalz@akamai.com> wrote:

> First, to correct a misrepresentation: this draft is not a veiled attempt
> to completely diverge from the Web PKI and fragment the ecosystem.
>
> I never said that the draft is such a veiled attempt, and I don't recall
> any other postings saying that. I am concerned that the fragmentation is a
> highly likely outcome.

Hi Rich,

This was not in reply to you specifically. :-p

As for why fragmentation is not a likely outcome, the rest of the message
(not in your quoted portion) addresses this directly. Did you have any
specific thoughts here?

David