[TLS]Re: Discussions on Trust Anchor Negotiation at IETF 120

Dennis Jackson <ietf@dennis-jackson.uk> Mon, 29 July 2024 14:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/w-R6-73O9Da4NENyC8wXukHrxpI>
Date: Mon, 29 Jul 2024 14:07:22 -0000
X-Original-Date: Sun, 28 Jul 2024 19:10:04 +0100

On 26/07/2024 15:24, Sophie Schmieg wrote:

> I don't think trust anchor negotiation needs a lot more discussion, 
> over what has happened already. All in all, I think it's a good 
> mechanism that is fairly well defined and it's not clear to me how it 
> would benefit from an interim.

The Trust Anchor Identifiers draft was first published only 4 weeks ago, 
received less than 10 minutes of discussion in the meeting and has a lot 
of unaddressed issues.

We would have had more time to discuss these issues if the author's 
presentation had focused on their new draft, rather than splitting the 
limited time with Trust Expressions, which I think we already knew was 
not going to be a viable option.

Many participants in the meeting expressed a preference for an interim 
so I would be surprised if there was a rough consensus for adoption. 
Especially as the concerns are fundamental to the design rather than 
about issues which could be addressed later.

However, I'm sure the chairs will be gauging the mood based on their own 
conversations with WG participants and deciding accordingly.

> PQ TLS on the other hand has a lot of open questions about things like 
> different variants of Merkle Tree Certificates that I would love to 
> flesh out further.

I completely agree, though I think the first task will be getting a 
shared understanding of the challenges and requirements. I'm excited to 
talk about the different variants of MTC as well.

Best,
Dennis

N.B. I had to retype this message. I'm not sure if the original is going 
to show up on the list or not.