[TLS] Re: PKI dynamics and trust anchor negotiation
Watson Ladd <watsonbladd@gmail.com> Sat, 08 February 2025 18:48 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A98CC14F6BB for <tls@ietfa.amsl.com>; Sat, 8 Feb 2025 10:48:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vF1tLlpYl7eE for <tls@ietfa.amsl.com>; Sat, 8 Feb 2025 10:48:10 -0800 (PST)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AF6AC151079 for <tls@ietf.org>; Sat, 8 Feb 2025 10:48:10 -0800 (PST)
Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-4361815b96cso20690445e9.1 for <tls@ietf.org>; Sat, 08 Feb 2025 10:48:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739040489; x=1739645289; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=7KoexjQM46jYhT4ku2FB7YsZqCEWdamFLSI92nkaa5w=; b=IOqrMaRG8FGLAmdNDfXbQ8z1jdC5uhGak1A2R4jFyj0KJUV84KDW2/Ep2gKCAysimd r2q9/88LJd3u+0hICq6xAGW3uHsXhnTz7Tejrm79UNL8eNqE6EemgmVPyz7QimipuAY+ ReZLA095kOuIZPk96g6QrqrnA8azGa6306oRHOICyM0S1N6/6Xe6nS3/cMemyvoDKP2s jyIybR94tCfm9Z+Pr16oYQ495dYaP3y/aI7QPk76H0ew1NF6yf6YSIatk5TChw+StUo0 DURHeISSmas/LbY51NJ/rZOZiuvw2EQp7+qTU86dLQ3e7FiPo5Nco7/1MwEEDH3rqz4I SkXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739040489; x=1739645289; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7KoexjQM46jYhT4ku2FB7YsZqCEWdamFLSI92nkaa5w=; b=aWFs36XYhIesvuZ04zVzTnpq48k+95KmfkIOyurcYWVtW6o9B5y0LbF9gZrEgkZUQg 2c+xY/UtbzTVNtQU78BJ8B3AlNMrwlAIfCgBRcS04vUPEOnuYMta56TLe0uBTf4DfYhE 9RRTvI4az0sZcSEIocxqQvE2mKLFhvrzddHfMFOpZrUiM9E0kXI9y5wACG1hev9O7Fky glY0ILxkiULoADjdOiaJAdBicQll+qS/sbXvONlK5geyFB8nlrSU1XOfBqbygRKEZbb9 MQZ79ZLBN+q8kI+UuQNHrsW/umVY8d/pzFVefDmtRVwj2lm6adFffTI2xx+pc9weBO2N eW1A==
X-Forwarded-Encrypted: i=1; AJvYcCUoLvzm4F9PHeo4lynz08cu2XVMWtj6DGlBO8zPCyP9uwI66TIY5ZiEEc996zGbv7CPY+0=@ietf.org
X-Gm-Message-State: AOJu0YzDmgEgaIJh0/f4LvpPAOCbVQu5fjJZgm+Nv2NbmUWkaMK/j9V8 BE16iJ8IrZPqfQayG0F5GRlB8JaYo5HYZUvs2QfcuPYnXyxhvZiCDxJ/TWtQKRlD8RMqmTt+oGR XZL31zuaxCdomPWmAWg3eTDpnV0M=
X-Gm-Gg: ASbGncs7BZ+1sMpgd1Biu5zRDUN30Nphpq5IFxDl4UZ0UT6hQFkyB/fOqgOxFrneDX1 EwUGnMMN6TPQ2a0i//kLAAiBL9qS77s84HEAh36aMv/dKe3J6i/NWT5+yc32EnPVrC/oao/C8GZ hb7+DSX7XIzljkkAqQ8VK86e36kDe1Wg==
X-Google-Smtp-Source: AGHT+IHRCopFelGnkKVNGwRFfSzLDw1TsUxjixG2CCVRhPFb6W0YsZLlM4iFIMynOz7yof+Mr70grIK/08EC4Tq+TWg=
X-Received: by 2002:a05:600c:19d4:b0:431:44fe:fd9f with SMTP id 5b1f17b1804b1-439249b04e3mr60100035e9.23.1739040488393; Sat, 08 Feb 2025 10:48:08 -0800 (PST)
MIME-Version: 1.0
References: <CAF8qwaANSCodvYKAxSJf1EFnJaXmFAfD+USCg+kRVY9eRa1zow@mail.gmail.com> <CACsn0ckxGKq2pnNrRXqyb1UtHnJHunByrEmr3o=1Y5XrWx4X0g@mail.gmail.com> <CADQzZqteTezp4tfC02voQ2wr1U0WY+2sBrWwEgg-s3AY2ZChnw@mail.gmail.com> <CAF8qwaCkBj1Fq1Ofp29xGatQc_TVMKqEJ=mm7+k+T5O4YiqgwA@mail.gmail.com> <CACsn0cn_gxr-akwj7dS_17ch7x8Xyj6yJfMiKn-01Ns4bVOjRg@mail.gmail.com> <CAMjbhoVWY=pv1jeHLzC9R-+KOyZSe1nwOe7cEns7MnZB89eAQg@mail.gmail.com> <CACf5n78QBZE967EJenEOu6T=yyt1QmVEob_joiBC-gDYHDA8=w@mail.gmail.com>
In-Reply-To: <CACf5n78QBZE967EJenEOu6T=yyt1QmVEob_joiBC-gDYHDA8=w@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 08 Feb 2025 10:47:57 -0800
X-Gm-Features: AWEUYZk4ydAj4qEunaIDA8IVATfJlSFF4XXKXk1WsJTSnaCv-dfPnFCRcRa6aVg
Message-ID: <CACsn0cm5TLmD1kku+g4FUdZ7=d5L61TcoH-wCxToTBhb4rzMLw@mail.gmail.com>
To: David Adrian <davadria@umich.edu>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 7RWAYNHXJV52CNHIA2C3UXCLE4PLS4S6
X-Message-ID-Hash: 7RWAYNHXJV52CNHIA2C3UXCLE4PLS4S6
X-MailFrom: watsonbladd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org>, Mike Shaver <mike.shaver@gmail.com>, "<tls@ietf.org>" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: PKI dynamics and trust anchor negotiation
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/o6nbzWsgty0lym498N_3O3Ng3Hs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>
On Sat, Feb 8, 2025 at 9:44 AM David Adrian <davadria@umich.edu> wrote: > > To be clear, the client does NOT send its full list of trust anchors by default. There is a server-side DNS signaling mechanism that allows the client to pick a single anchor without sending the full set. > > The feedback at IETF Vancouver was to move away from a client signals, server selects (via trust store name and version) to a server signals, client selects (via OIDs in DNS) Somewhat of a side note: I was under the (possible mis)-impression that the trust anchor indicator was originally an indicator of the complete set owned by the client (which I think is what trust store name and version meant), not one per root, vs. compressing the already existing authorities_extension without needing a shared dictionary (which trust anchor identifiers now does). While this might seem like a small difference it has a rather large impact on the impact of clients that CAs don't care about to implement. Separately: A DNS based hint of what indication would be useful to send solves some problems but not others. It doesn't really help servers determine what the universe of clients is supporting and isn't that they see without some more information. Sincerely, Watson > > On Sat, Feb 8, 2025 at 3:12 AM Bas Westerbaan <bas=40cloudflare.com@dmarc.ietf.org> wrote: >>> >>> Silly clarification: the TAI identifier is just a compact identifier >>> for the root cert, like (making it up) a 4 byte identifier? So the >>> client sends the entire list of root certs supported, so about 100, so >>> 400 bytes? >>> >>> In that case I think you can inject it into an end-entity cert on >>> issuance, and into the root representations in the trust store. >> >> >> Yeah, this is an interesting alternative design. You can reduce the size quite a bit more with simple compression techniques. See >> >> https://github.com/davidben/tls-trust-expressions/issues/64 >> https://github.com/bwesterb/go-ncrlite >> >> >>> >>> Where >>> this doesn't work out well is on cross signs where the cert can root >>> to multiple places/when more than one cert is needed to cover and the >>> config only has one, but this would solve a bunch of the issues for >>> command line programs where the trust store format is a bag of certs >>> on disk. It could also work for cross signs since the intermediates >>> used are known by the CA. >>> >>> Sincerely, >>> Watson >>> >>> _______________________________________________ >>> TLS mailing list -- tls@ietf.org >>> To unsubscribe send an email to tls-leave@ietf.org >> >> _______________________________________________ >> TLS mailing list -- tls@ietf.org >> To unsubscribe send an email to tls-leave@ietf.org -- Astra mortemque praestare gradatim
- [TLS] PKI dynamics and trust anchor negotiation David Benjamin
- [TLS] Re: PKI dynamics and trust anchor negotiati… Salz, Rich
- [TLS] Re: PKI dynamics and trust anchor negotiati… David Benjamin
- [TLS] Re: PKI dynamics and trust anchor negotiati… Watson Ladd
- [TLS] Re: PKI dynamics and trust anchor negotiati… Mike Shaver
- [TLS] Re: PKI dynamics and trust anchor negotiati… Dennis Jackson
- [TLS] Re: PKI dynamics and trust anchor negotiati… Bob Beck
- [TLS] Re: PKI dynamics and trust anchor negotiati… David Benjamin
- [TLS] Re: PKI dynamics and trust anchor negotiati… David Benjamin
- [TLS] Re: PKI dynamics and trust anchor negotiati… Watson Ladd
- [TLS] Re: PKI dynamics and trust anchor negotiati… Bas Westerbaan
- [TLS] Re: PKI dynamics and trust anchor negotiati… David Adrian
- [TLS] Re: PKI dynamics and trust anchor negotiati… Watson Ladd
- [TLS] Re: PKI dynamics and trust anchor negotiati… David Benjamin