Re: [TLS] Duplicate oid_filters

Sean Turner <sean@sn3rd.com> Sat, 10 March 2018 00:35 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qTX1CG8msVOrnD6q5e9QaGYY4Ec>

Okay, so the OIDs can’t appear twice in the certificate, because certificate extensions are only supposed to appear once, so why don’t we just follow suit and require no dupes?

spt

> On Mar 9, 2018, at 16:44, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> 
> (See also https://github.com/tlswg/tls13-spec/issues/1179)
> 
> On 03/09/2018 03:35 PM, Eric Rescorla wrote:
>> See issue #1166.
>> 
>> The current text neither allows nor prohibits the same OID appearing
>> twice. We should do one or the other.
>> 
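
The "no dupes" rule proposed in this thread, sketched as a receiver-side check. This is an added example, not code from the thread or from any TLS implementation. It assumes the TLS 1.3 OIDFilter layout (one-byte-length OID, two-byte-length values, inside a two-byte-length list); the function names and sample bytes are constructed for illustration.

```python
import struct

class OIDFilterError(ValueError):
    """Malformed oid_filters body, or the same OID listed twice."""

def parse_oid_filters(body: bytes) -> dict:
    """Parse an OIDFilterExtension body into {oid_bytes: values_bytes}.

    Assumed layout: OIDFilter filters<0..2^16-1>, where each OIDFilter is
      opaque certificate_extension_oid<1..2^8-1>;
      opaque certificate_extension_values<0..2^16-1>;
    """
    if len(body) < 2:
        raise OIDFilterError("truncated filters length")
    (total,) = struct.unpack_from("!H", body, 0)
    if total != len(body) - 2:
        raise OIDFilterError("filters length does not match body")
    filters, pos = {}, 2
    while pos < len(body):
        oid_len = body[pos]
        pos += 1
        # The OID must be non-empty and leave room for the 2-byte values length.
        if oid_len == 0 or pos + oid_len + 2 > len(body):
            raise OIDFilterError("bad OID length")
        oid = body[pos:pos + oid_len]
        pos += oid_len
        (val_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + val_len > len(body):
            raise OIDFilterError("truncated values")
        # The rule under discussion: each OID may appear at most once.
        if oid in filters:
            raise OIDFilterError("duplicate OID " + oid.hex())
        filters[oid] = body[pos:pos + val_len]
        pos += val_len
    return filters

def encode_filter(oid: bytes, values: bytes) -> bytes:
    return bytes([len(oid)]) + oid + struct.pack("!H", len(values)) + values

def wrap(entries: bytes) -> bytes:
    return struct.pack("!H", len(entries)) + entries

# Constructed sample data; OIDs are written as full DER TLVs (an assumption here).
EKU = bytes.fromhex("0603551d25")  # 2.5.29.37 extKeyUsage
KU = bytes.fromhex("0603551d0f")   # 2.5.29.15 keyUsage
EKU_CLIENT_AUTH = bytes.fromhex("300a06082b06010505070302")  # SEQUENCE { clientAuth }
GOOD = wrap(encode_filter(EKU, EKU_CLIENT_AUTH) + encode_filter(KU, b""))
DUPED = wrap(encode_filter(EKU, EKU_CLIENT_AUTH) + encode_filter(EKU, b""))
```

Rejecting at parse time means a later matching step never has to decide which of two entries for the same OID wins.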