Re: [Trans] path validation

Melinda Shore <melinda.shore@gmail.com> Mon, 29 September 2014 20:34 UTC

Message-ID: <5429C24B.1050002@gmail.com>
Date: Mon, 29 Sep 2014 12:34:19 -0800
From: Melinda Shore <melinda.shore@gmail.com>
To: trans@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/ZqwWwOn6xVKm731fw-lEzipOmT4
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>

On 9/29/14 11:26 AM, Rick Andrews wrote:
> The CABF Baseline Requirements don't require the intermediate to be
> technically constrained, and most are not. The language about
> technical constraints is there to address Mozilla's CA policy
> (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/inclusion/)
> which waives the audit and disclosure requirements for intermediates
> ("subordinates" in Mozilla's language) that are technically
> constrained.

We've received a reminder from our friendly area director not
to introduce any normative dependencies on CAB Forum documents
or processes, as well as a query about how much X.509 processing
should be specified.

Melinda