Re: [Trans] Murray Kucherawy's Discuss on draft-ietf-trans-rfc6962-bis-36: (with DISCUSS)
"Salz, Rich" <rsalz@akamai.com> Fri, 14 May 2021 15:31 UTC
Return-Path: <rsalz@akamai.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 809383A3695; Fri, 14 May 2021 08:31:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.796
X-Spam-Level:
X-Spam-Status: No, score=-2.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bnp9yvC54NHa; Fri, 14 May 2021 08:31:35 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 202793A3692; Fri, 14 May 2021 08:31:34 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14EFTFIT004613; Fri, 14 May 2021 16:31:31 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=OlUCJTdbkcX17Q+C/YzVjGlCURUOP90KwP69PYF+B58=; b=SAQOx1jSaqUvZHe3PmY+cn0emC75VUtalmDWR4RwiotUWJgH1Mx7dhI7niJgSohaKwqA O/ZK2Z1ELf42hwgguermtC4LG1yZ7mtOONNZiYxIENBC9Fa3UbnmQQuDRkmYkNG9pWny F+6NJeaksrOnpI4ZDf8EKWkxYftlRyGmFU53geqEFxzzV+iQlClWy0MgCE1MF/n8F01B rQGrgc+Pzbptwgot9CeiVGrhURwk8nB1fR1svdlvvVJtnJ5nmwQGPONdr3LCkPPpccyg AYLBhJlOdCj1xokYSaX+pFKf8SxY33rIr0xzRxRXg/+7rr82RpNpIsn03RPf8Z4e6qZu ZQ==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18] (may be forged)) by mx0b-00190b01.pphosted.com with ESMTP id 38hnd27cq6-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 14 May 2021 16:31:31 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.1.2/8.16.1.2) with SMTP id 14EFJsoo029900; Fri, 14 May 2021 11:31:30 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.32]) by prod-mail-ppoint1.akamai.com with ESMTP id 38gpn04ntx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 14 May 2021 11:31:30 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 14 May 2021 11:31:30 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1497.012; Fri, 14 May 2021 11:31:29 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: "David A. Cooper" <david.cooper=40nist.gov@dmarc.ietf.org>, "trans@ietf.org" <trans@ietf.org>
Thread-Topic: [Trans] Murray Kucherawy's Discuss on draft-ietf-trans-rfc6962-bis-36: (with DISCUSS)
Thread-Index: AQHXSMhjrT94qdfOpUCpuiLlMr+N0KrjGtqA
Date: Fri, 14 May 2021 15:31:29 +0000
Message-ID: <6FA09B51-45C3-497E-BC9F-A2C128F17B2C@akamai.com>
References: <62a613c5-3cc3-e7fa-506d-d4875e88e546@nist.gov>
In-Reply-To: <62a613c5-3cc3-e7fa-506d-d4875e88e546@nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.49.21050201
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.118.139]
Content-Type: multipart/alternative; boundary="_000_6FA09B5145C3497EBC9FA2C128F17B2Cakamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-14_06:2021-05-12, 2021-05-14 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 mlxlogscore=986 suspectscore=0 bulkscore=0 adultscore=0 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105140122
X-Proofpoint-GUID: FQVWB81RjA18hLSe6qTunIlLkdTb2Mjf
X-Proofpoint-ORIG-GUID: FQVWB81RjA18hLSe6qTunIlLkdTb2Mjf
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-14_06:2021-05-12, 2021-05-14 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=914 bulkscore=0 clxscore=1011 impostorscore=0 priorityscore=1501 spamscore=0 suspectscore=0 mlxscore=0 adultscore=0 phishscore=0 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105140123
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 184.51.33.18) smtp.mailfrom=rsalz@akamai.com smtp.helo=prod-mail-ppoint1
Archived-At: <https://mailarchive.ietf.org/arch/msg/trans/ZAq8J5nh1Jci-txXGZTjC3zEYkA>
Subject: Re: [Trans] Murray Kucherawy's Discuss on draft-ietf-trans-rfc6962-bis-36: (with DISCUSS)
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 May 2021 15:31:40 -0000
* I suppose an algorithm could be added to the TLS SignatureScheme registry even if it did have one, two, or three hundred KB public keys and so was unlikely to ever be used for TLS. However, I just wanted to raise a potential issue with limiting Certificate Transparency to only using signature schemes approved for use with TLS. This is a reasonable point to consider, but as the WG has been in “get this draft published and then close” for a few years now, it’s probably too late.
- [Trans] Murray Kucherawy's Discuss on draft-ietf-… Murray Kucherawy via Datatracker
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Murray S. Kucherawy
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Murray S. Kucherawy
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… David A. Cooper
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Paul Wouters
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Rob Stradling
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Paul Wouters
- Re: [Trans] Murray Kucherawy's Discuss on draft-i… Salz, Rich