[Trans] draft-ietf-trans-rfc6962-bis-31

Rashmi Jha <rashmij@microsoft.com> Wed, 19 June 2019 22:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/gUNquqjqMxCBzGlEv511ytnkg20>

Have you looked into the options of not requiring CT for CAs which are constrained to a brief list of domains? I understand this was considered in the past but couldn't find details on why this was not accepted.

Name constraints by default provide the assurance as to what domains they will issue for. CT becomes an additional network call in the issuance of a certificate, which can be prevented.

Opinions? Could you assist in forwarding this to the right email aliases if this isn't the one?

Thanks, Rashmi Jha.
Azure Security Program Manager
Microsoft Corporation
rashmij@microsoft.com
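An added example, not part of the message above or of the draft it discusses: the dNSName name-constraint check a verifier performs per RFC 5280 section 4.2.1.10, in pure Python with constructed CA and leaf data (the NameConstraints class, the domain names and the three-CA chain are all assumptions made for illustration, not parsed from real certificates). It shows what a name constraint does give you, a purely local check with no network call, and also its limit: the constraint bounds which names a constrained CA may issue for, but it records nothing about which certificates that CA actually issued, which is the information a CT log supplies.

```python
"""
dNSName name-constraint evaluation in the style of RFC 5280 section 4.2.1.10.

Example code added to this archive page; it is not from the rfc6962-bis draft
or the message author. Certificate contents are modelled as plain Python
values (constructed sample data), not decoded from DER.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class NameConstraints:
    """The dNSName subtrees of one CA's NameConstraints extension."""
    permitted: list[str] = field(default_factory=list)
    excluded: list[str] = field(default_factory=list)


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; drop a trailing dot and whitespace.
    return name.strip().rstrip(".").lower()


def dns_in_subtree(name: str, subtree: str) -> bool:
    """RFC 5280: a dNSName constraint matches the name itself and every
    subdomain of it. "example.net" covers "www.example.net" but not
    "notexample.net". A leading dot (".example.net", subdomains only) is not
    in RFC 5280 but is accepted here as a common implementation extension.
    A wildcard SAN such as "*.example.net" is treated literally, so it is
    inside "example.net" and outside ".example.net"'s parent."""
    name = _normalize(name)
    subtree = _normalize(subtree)
    if subtree == "":
        return True  # an empty constraint matches every name
    if subtree.startswith("."):
        return name.endswith(subtree)
    return name == subtree or name.endswith("." + subtree)


def check_name_constraints(san_dns_names: list[str],
                           nc: NameConstraints) -> tuple[bool, str]:
    """Apply one CA's constraints to a certificate's SAN dNSName entries.
    Excluded subtrees win over permitted ones. If permitted subtrees are
    present, every dNSName must fall inside at least one of them; a cert
    with no dNSName entries is unconstrained by this name type."""
    for n in san_dns_names:
        for ex in nc.excluded:
            if dns_in_subtree(n, ex):
                return False, f"{n} is in excluded subtree {ex}"
    if nc.permitted:
        for n in san_dns_names:
            if not any(dns_in_subtree(n, p) for p in nc.permitted):
                return False, f"{n} is not in any permitted subtree"
    return True, "ok"


def check_chain(san_dns_names: list[str],
                chain: list[NameConstraints | None]) -> tuple[bool, str]:
    """chain lists the constraints of each CA from the root down to the
    issuing CA (None for an unconstrained CA). A CA's constraints apply to
    every certificate below it, so the leaf must satisfy all of them; this
    is equivalent to RFC 5280 6.1.4's intersection of permitted subtrees and
    union of excluded subtrees, evaluated at the leaf. No network access is
    involved at any point."""
    for depth, nc in enumerate(chain):
        if nc is None:
            continue
        ok, why = check_name_constraints(san_dns_names, nc)
        if not ok:
            return False, f"CA at depth {depth}: {why}"
    return True, "ok"


# Constructed sample chain (assumption, for illustration only):
# root (unconstrained) -> intermediate limited to two domains
# -> issuing CA narrowed further to one domain with one excluded zone.
SAMPLE_CHAIN: list[NameConstraints | None] = [
    None,
    NameConstraints(permitted=["example.net", "example.org"]),
    NameConstraints(permitted=["example.net"],
                    excluded=["internal.example.net"]),
]

if __name__ == "__main__":
    for sans in (["www.example.net"],
                 ["www.example.net", "login.example.org"],
                 ["db.internal.example.net"],
                 ["www.example.org"]):
        print(sans, "->", check_chain(sans, SAMPLE_CHAIN))
```

The constraint check above runs entirely against data already in the chain, which is the property the message points at. Two caveats a practitioner would add: RFC 5280 requires the CA to mark the extension critical, and the guarantee only holds for verifiers that actually process it; and the check says nothing about a misissued certificate for a name that is inside the permitted subtree, which only a public record of what the CA issued would reveal.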