Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 24 June 2022 16:04 UTC

Date: Fri, 24 Jun 2022 19:04:28 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Valery Smyslov <valery@smyslov.net>, uta@ietf.org, draft-ietf-uta-rfc6125bis@ietf.org
CC: uta-chairs@ietf.org
Message-ID: <A7E6035E-7BCF-4BB3-BB87-D261ED98532D@gmail.com>
Thread-Topic: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
References: <002e01d87e9c$78a002e0$69e008a0$@smyslov.net> <032e01d8878f$c2e8f630$48bae290$@smyslov.net>
In-Reply-To: <032e01d8878f$c2e8f630$48bae290$@smyslov.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/244nOnRZdoOEyp-4ML3YPWOdEvs>

So here are a few comments. Thanks, Valery, for the reminder!

* The DTLS reference should change to DTLS 1.3.

* See Appendix A of [VERIFY]

* The rules are brief - it's not clear from the text if this is a summary of the totality of the new RFC, or just the changes from the previous version.

* No definition is given for "FQDN" even though the name being an FQDN is a major component of the document's scope. Specifically, are enterprise hostnames (that are not on the public DNS) in scope? Are .local names?

* Similarly, it is not clear to me whether certs obtained through DANE are in or out of scope.

* And the same question for delegated credentials (draft-ietf-tls-subcerts).

* The Common Name RDN... can appear more than once in the subjectName. I'm probably missing something, but how is this different from multiple server names appearing in SAN when the certificate protects multiple services?

* XMPP backward compatibility: does the XmppAddr still need to be mentioned in -bis?

* "the service provider SHOULD request [...] an SRV-ID or URI-ID that limits the deployment scope of the certificate to only the defined application service type." This is only somewhat accurate, because an HTTP client would happily accept the DNS-ID, no matter what other SRV-IDs are found there.

* "Which identifier types a client includes in its list of reference identifiers, and their priority, is a matter of local policy" - given the situation today, can we have a normative recommendation for clients to be strict in constructing their reference list? If we don't include such normative text, we're basically telling people to make the easier choice and build lenient clients.

Thanks,
	Yaron
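As an added illustration of the last two bullets above (example code, not from the draft or from the poster): a toy RFC 6125-style matcher of a client's reference identifiers against a certificate's presented identifiers. It assumes the SAN has already been parsed into (type, value) pairs, skips IDNA and CN-ID fallback, and uses a constructed certificate whose SRV-ID is scoped to IMAPS only, to show that the scope limit only binds clients whose reference list omits the DNS-ID.

```python
# Toy RFC 6125-style matching (added example). Assumptions: SAN already parsed into
# (kind, value) pairs, no IDNA/A-label handling, no CN-ID fallback, constructed names.
from dataclasses import dataclass

@dataclass(frozen=True)
class Ident:
    kind: str   # "DNS-ID", "SRV-ID" or "URI-ID"
    value: str

def _dns_match(ref: str, pres: str) -> bool:
    """Case-insensitive DNS name match. A '*' is accepted only as the entire left-most
    label, matching exactly one label, and never in a name of fewer than three labels."""
    r, p = ref.lower().rstrip("."), pres.lower().rstrip(".")
    if "*" not in p:
        return r == p
    pl, rl = p.split("."), r.split(".")
    return pl[0] == "*" and len(pl) > 2 and len(pl) == len(rl) and pl[1:] == rl[1:]

def _srv_match(ref: str, pres: str) -> bool:
    """SRV-ID '_service.host': service compared case-insensitively, then the host part."""
    rs, _, rh = ref.partition(".")
    ps, _, ph = pres.partition(".")
    return rs.lower() == ps.lower() and _dns_match(rh, ph)

def _uri_match(ref: str, pres: str) -> bool:
    """URI-ID 'scheme:host' (or 'scheme://host'): scheme and host must both match."""
    rs, _, rh = ref.partition(":")
    ps, _, ph = pres.partition(":")
    return rs.lower() == ps.lower() and _dns_match(rh.strip("/"), ph.strip("/"))

_MATCHERS = {"DNS-ID": _dns_match, "SRV-ID": _srv_match, "URI-ID": _uri_match}

def find_match(reference_ids, presented_ids):
    """Return the first presented identifier of the same type that matches a reference
    identifier, or None. The order of reference_ids encodes the client's local policy."""
    for ref in reference_ids:
        for pres in presented_ids:
            if pres.kind == ref.kind and _MATCHERS[ref.kind](ref.value, pres.value):
                return pres
    return None

# Constructed certificate: a DNS-ID plus an SRV-ID that "limits" the cert to IMAPS.
CERT_SAN = [Ident("DNS-ID", "mail.example.net"), Ident("SRV-ID", "_imaps.mail.example.net")]

def https_client_accepts() -> bool:
    # An HTTPS client builds only a DNS-ID reference, so the SRV-ID never constrains it.
    return find_match([Ident("DNS-ID", "mail.example.net")], CERT_SAN) is not None

def strict_submission_client_accepts() -> bool:
    # Strict policy: SRV-ID only, so an IMAPS-scoped certificate is rejected for submission.
    return find_match([Ident("SRV-ID", "_submission.mail.example.net")], CERT_SAN) is not None

def lenient_submission_client_accepts() -> bool:
    # Lenient policy: DNS-ID listed as a fallback, which the same certificate satisfies.
    refs = [Ident("SRV-ID", "_submission.mail.example.net"), Ident("DNS-ID", "mail.example.net")]
    return find_match(refs, CERT_SAN) is not None
```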

On 6/24/22, 09:01, "Uta on behalf of Valery Smyslov" <uta-bounces@ietf.org on behalf of valery@smyslov.net> wrote:

    Hi,

    this is a reminder that WGLC for draft-ietf-uta-rfc6125bis-06
    is still in progress and we have received not a single message
    in response to the call. Please consider reviewing the draft
    (possibly once again) and sending your opinion about its shape.
    We hope people do care.

    Regards,
    Leif & Valery.

    > -----Original Message-----
    > From: Valery Smyslov [mailto:valery@smyslov.net]
    > Sent: Sunday, June 12, 2022 11:39 PM
    > To: uta@ietf.org; draft-ietf-uta-rfc6125bis@ietf.org
    > Cc: uta-chairs@ietf.org
    > Subject: WGLC for draft-ietf-uta-rfc6125bis-06
    > 
    > Hi,
    > 
    > this message starts a Working Group Last Call for
    > draft-ietf-uta-rfc6125bis-06:
    > https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/
    > 
    > The WGLC will last for two weeks and will end June the 27th.
    > Please send your comments to the list before this date.
    > 
    > Regards,
    > Leif & Valery.
    > 

