Re: [TLS] I-D Action: draft-ietf-tls-subcerts-13.txt

Achim Kraus <achimkraus@gmx.net> Sun, 15 May 2022 07:55 UTC

To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qHg57h5x-JimaOPHQDDt-ysH_po>

Hello list,

Are there any considerations about using tls-subcerts with certificate
types other than X509?

Especially RFC7250 (Raw Public Key) would raise the question of how to
handle certificate types that don't carry a "notBefore". Maybe a
default value can be used.

I created https://github.com/tlswg/tls-subcerts/issues/107

Best regards
Achim Kraus


On 10.05.22 at 02:37, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
>
>          Title           : Delegated Credentials for (D)TLS
>          Authors         : Richard Barnes
>                            Subodh Iyengar
>                            Nick Sullivan
>                            Eric Rescorla
>          Filename        : draft-ietf-tls-subcerts-13.txt
>          Pages           : 17
>          Date            : 2022-05-09
>
> Abstract:
>     The organizational separation between operators of TLS and DTLS
>     endpoints and the certification authority can create limitations.
>     For example, the lifetime of certificates, how they may be used, and
>     the algorithms they support are ultimately determined by the
>     certification authority.  This document describes a mechanism to
>     overcome some of these limitations by enabling operators to delegate
>     their own credentials for use in TLS and DTLS without breaking
>     compatibility with peers that do not support this specification.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-13
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-subcerts-13
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
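
The time check behind the question above, as an added example that is not part of the original message or of the draft's text: the draft defines a delegated credential's valid_time as seconds relative to the delegation certificate's notBefore, so a credential type without notBefore (an RFC 7250 raw public key) leaves that check without an anchor. Function names and sample dates are constructed, and rejecting when notBefore is absent is an assumption of this example, not a rule from the draft.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Maximum remaining validity a client accepts for a delegated credential (7 days).
MAX_VALIDITY = timedelta(days=7)


class NoNotBefore(Exception):
    """The end-entity credential carries no notBefore to anchor valid_time."""


def dc_expiry(not_before: Optional[datetime], valid_time: int) -> datetime:
    """Absolute expiry = notBefore of the delegation certificate + valid_time seconds."""
    if not_before is None:
        # Raw public keys have no validity fields. Assumption: fail closed
        # rather than pick a default anchor.
        raise NoNotBefore("valid_time has no reference point")
    return not_before + timedelta(seconds=valid_time)


def dc_time_check(not_before: Optional[datetime], valid_time: int,
                  now: datetime) -> str:
    """Return 'accept' or a 'reject: ...' reason for the two time checks."""
    try:
        expiry = dc_expiry(not_before, valid_time)
    except NoNotBefore:
        return "reject: no notBefore"
    if now > expiry:
        return "reject: expired"
    if expiry - now > MAX_VALIDITY:
        return "reject: exceeds maximum validity"
    return "accept"


def days(n: int) -> int:
    """Helper: n days expressed in seconds, the unit of valid_time."""
    return n * 86400


# Constructed sample values: an X.509 notBefore and a clock 134 days later.
X509_NOT_BEFORE = datetime(2022, 1, 1, tzinfo=timezone.utc)
NOW = X509_NOT_BEFORE + timedelta(days=134)

if __name__ == "__main__":
    for label, nb, vt in [("x509, 3 days left", X509_NOT_BEFORE, days(137)),
                          ("x509, expired", X509_NOT_BEFORE, days(130)),
                          ("x509, 16 days left", X509_NOT_BEFORE, days(150)),
                          ("raw public key", None, days(137))]:
        print(f"{label:20s} -> {dc_time_check(nb, vt, NOW)}")
```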