Re: [TLS] comments on draft-subcerts

Russ Housley <housley@vigilsec.com> Tue, 14 July 2020 18:51 UTC

From: Russ Housley <housley@vigilsec.com>
Message-Id: <0E6AD5FA-69AB-4BB0-ABE3-F1BAEE9DA1C7@vigilsec.com>
Date: Tue, 14 Jul 2020 14:51:11 -0400
In-Reply-To: <A2E098AE-6ACE-4999-ADF2-5C1211E70CCB@akamai.com>
Cc: IETF TLS <tls@ietf.org>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
References: <A2E098AE-6ACE-4999-ADF2-5C1211E70CCB@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sLimfoxloLt_74Af3sjifg8INZs>
Subject: Re: [TLS] comments on draft-subcerts

Rich:

> Sec 4.2 doesn't seem to agree with the complete ASN.1 in Appendix A.  The latter has DelegatedCredentialExtn which is mentioned in prose and a TBD in 4.2.  Perhaps a comment or some other words to tie them together?  Or does that issue just go away when IANA does the registration?

I do not see a problem.  

DelegatedCredentialExtn is the name of the module, and the OID that goes with it will be assigned by IANA in the future.

id-ce-delegationUsage is the OID that defines the X.509 certificate extension.  In Section 4.2 and Appendix A, this is assigned under the Cloudflare PEN arc as { 1 3 6 1 4 1 44363 44 }.

Russ
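As an added example (not code from the draft or from either message in this thread), the Python below DER-encodes the id-ce-delegationUsage OID quoted above, wraps it in an X.509 Extension, and scans a certificate's Extensions SEQUENCE for it; that the extension value is a DER NULL is an assumption taken from the draft-subcerts ASN.1, and the helper names are my own.

```python
# Added example, not from the draft or this thread. The OID is the one quoted in
# the message; the extension body (a DER NULL) is assumed from the subcerts draft.
ID_CE_DELEGATION_USAGE = "1.3.6.1.4.1.44363.44"

def der_tlv(tag: int, body: bytes) -> bytes:
    assert len(body) < 0x80, "short-form DER length only"
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int):  # -> (tag, body, position after the TLV)
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long-form length, common for a whole Extensions SEQUENCE
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, then base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        groups = [value & 0x7F]
        value >>= 7
        while value:  # continuation bytes carry bit 7 set
            groups.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(groups))
    return der_tlv(0x06, bytes(body))

def decode_oid(der: bytes) -> str:
    tag, body, _ = read_tlv(der, 0)
    values, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            values, value = values + [value], 0
    first = min(values[0] // 40, 2)  # X.690: first arc is 0, 1 or 2
    return ".".join(map(str, [first, values[0] - 40 * first] + values[1:]))

def delegation_usage_extension() -> bytes:
    """Extension { extnID, extnValue }; critical omitted (DEFAULT FALSE)."""
    return der_tlv(0x30, encode_oid(ID_CE_DELEGATION_USAGE) + der_tlv(0x04, b"\x05\x00"))

def has_delegation_usage(extensions_der: bytes) -> bool:
    _, exts, _ = read_tlv(extensions_der, 0)  # scan an X.509 Extensions SEQUENCE
    pos = 0
    while pos < len(exts):
        _, ext, pos = read_tlv(exts, pos)
        tag, oid_body, _ = read_tlv(ext, 0)
        if decode_oid(der_tlv(tag, oid_body)) == ID_CE_DELEGATION_USAGE:
            return True
    return False
```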