Re: [TLS] ETSI releases standards for enterprise security and data centre management

"Salz, Rich" <rsalz@akamai.com> Tue, 11 December 2018 13:27 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Kurt Roeckx <kurt@roeckx.be>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] ETSI releases standards for enterprise security and data centre management
Date: Tue, 11 Dec 2018 13:27:39 +0000
Message-ID: <455987A3-6348-48AD-8460-AF41EB5861BE@akamai.com>
References: <CADqLbzKd-AgDRv2suZ-0Nz4jNUqKg0RNT8sgQd-n793t+gEN3g@mail.gmail.com> <CAHOTMVKZT1ScvHeP3=Kv2zodVimHkaAtG-2DTq6ojnF+q-OMSQ@mail.gmail.com> <CADqLbzL16cnm-WQXj4bh9awOp6Qqnu21cQd3T9XxpVhHse8yoQ@mail.gmail.com> <CAHOTMV+ppxTmNaBdTOEkXzX_LWWcE=RMu4sxN3CsHTEga_8M2Q@mail.gmail.com> <7de09a4c-4ba9-d4ac-3371-89af3294f424@huitema.net> <87in08lipp.fsf@fifthhorseman.net> <20181209173520.GA4007@roeckx.be> <87woogqntt.fsf@fifthhorseman.net>
In-Reply-To: <87woogqntt.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uTBb2uonwu1auTzBeT49fTyQnJI>
Subject: Re: [TLS] ETSI releases standards for enterprise security and data centre management

    > All the linters will give an error about that, see for instance:
    > https://crt.sh/?id=1009623020&opt=x509lint,cablint,zlint

    right, so what is to be done about that, when some of these CAs are
    clearly violating the BRs?  Transparency is only as useful as the
    actions we can take once violations are uncovered.  Unactionable
    transparency just sounds like despair to me.  So what's the action?

The IETF is not the protocol police, nor are we the data-format police as you well know.  All we can do is name-and-shame when interop fails.

What are these BRs of which you speak?  Not an IETF spec.  Go report violations to the place that wrote them I guess.

I've also heard tell of an anyone-can-join discussion group, https://groups.google.com/forum/#!forum/mozilla.dev.security.policy, where these kinds of things are discussed.

/r$, yes I know all this.  So does dkg I believe.