[TLS] Re: Adoption Call for Trust Anchor IDs

Joseph Salowey <joe@salowey.net> Tue, 18 February 2025 21:39 UTC

List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ytuT0Ud7n93CM9DsgpJ1TE0BskE>

The adoption call for draft-beck-tls-trust-anchor-ids-03
<https://datatracker.ietf.org/doc/draft-beck-tls-trust-anchor-ids/> has
completed. The chairs judge that there is consensus to adopt this draft.
The consensus of the group was rough with people weighing in on both sides.
From the discussion it's clear that the draft and approach will need more
work. Since this is an area the working group has expressed interest in,
the chairs believe that it is better for this development and discussion to
happen within the working group.  The adoption of this draft does not
preclude the adoption of other drafts based on other ideas in this area,
such as those discussed on the list. These additional drafts may influence
or even supersede the direction of this work. We hope for productive
discussion and collaboration within the working group.

Thanks,

Joe, Sean, and Deirdre

On Wed, Jan 15, 2025 at 7:59 AM Joseph Salowey <joe@salowey.net> wrote:

> At the trust tussle Interim in October we had consensus that the working
> group was interested in working on the following problem:
>
> “Avoid client trust conflicts by enabling servers to reliably and
> efficiently support clients with diverse trust anchor lists, particularly
> in larger PKIs where the existing certificate_authorities extension is not
> viable”
>
> After IETF 121, we asked for submissions for possible working group
> adoption as a starting point for this work. We received two submissions:
>
> [1] Trust Anchor Identifiers, draft-beck-tls-trust-anchor-ids-03
> <https://datatracker.ietf.org/doc/draft-beck-tls-trust-anchor-ids/>
>
> [2] Trust is non-negotiable, draft-jackson-tls-trust-is-nonnegotiable-00
> <https://datatracker.ietf.org/doc/draft-jackson-tls-trust-is-nonnegotiable/>
>
> [1] defines a new protocol mechanism, while [2] provides an explanation of
> why the mechanism in [1] may not be needed and may be problematic. Since
> the second draft does not define a protocol mechanism we are not
> considering it for adoption, but we request that working group members
> review both documents and use [2] as input into determining whether we
> should adopt [1] as a working group item.  Adoption as a working group item
> means the working group has change control over and can modify it as
> necessary; an adopted document is only a starting point.  Please respond to
> this thread if you think the document should be adopted as a working group
> item. If you think the document is not appropriate for adoption please
> indicate why.  This adoption call will close on February 7, 2025.  Also
> please remember to maintain professional behavior and keep the discussion
> focused on technical issues.
>
>
> Thanks,
>
>
> Sean, Deirdre and Joe