[Uta] Requesting adoption of draft-rsalz-use-san
"Salz, Rich" <rsalz@akamai.com> Sat, 13 March 2021 23:32 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/5n5ZtmJyP9VzXOI77wLe7SqYDlQ>
I presented this at SECDISPATCH, which said “get thee to UTA”. The draft is short, five pages, and updates RFC 6125 as described below. 6125 was AD sponsored. The draft below addresses some feedback given during the SECDISPATCH session.

Name: draft-rsalz-use-san
Revision: 01
Title: Update to Verifying TLS Server Identities with X.509 Certificates
Document date: 2021-03-13
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/archive/id/draft-rsalz-use-san-01.txt
Status: https://datatracker.ietf.org/doc/draft-rsalz-use-san/
Html: https://www.ietf.org/archive/id/draft-rsalz-use-san-01.html
Htmlized: https://tools.ietf.org/html/draft-rsalz-use-san-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-rsalz-use-san-01

Abstract:
In the decade since [RFC6125] was published, the subjectAlternativeName extension (SAN), as defined in [RFC5280] has become ubiquitous. This document updates [RFC6125] to specify that the fall-back techniques of using the commonName attribute to identify the service must not be used. This document also places some limitations on the use of wildcards in SAN fields. The original context of [RFC6125], using X.509 certificates for server identity with Transport Layer Security (TLS), is not changed.
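The change summarized in the abstract, shown as an added example that is not part of the original message or the draft: a server-identity check that consults only SAN dNSName entries, with the legacy commonName fallback behind a flag for comparison. The function names, the sample certificates (constructed, in the shape of Python's `ssl.SSLSocket.getpeercert()` output) and the wildcard rule used here (a whole left-most label only) are assumptions of this example; the draft's own wildcard limits are not quoted in this message.

```python
# Added example: SAN-only identity matching versus legacy CN fallback.
# Certificates below are constructed sample data, not real certificates.

def dns_id_matches(pattern, hostname):
    """Case-insensitive label-by-label match of one certificate name.

    Assumption of this example: '*' is honoured only as the complete
    left-most label and must be followed by at least two more labels.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" in hostname or "" in h or len(p) != len(h):
        return False
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:]          # wildcard covers exactly one label
    return p == h                      # partial wildcards never equal a real name

def verify_server_identity(cert, hostname, allow_cn_fallback=False):
    """Return 'san', 'cn-fallback', or None when the identity does not match."""
    dns_ids = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if any(dns_id_matches(d, hostname) for d in dns_ids):
        return "san"
    # Legacy behaviour: commonName is consulted only when no DNS SAN exists.
    if allow_cn_fallback and not dns_ids:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName" and dns_id_matches(value, hostname):
                    return "cn-fallback"
    return None

# Constructed sample: certificate carrying only a commonName.
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.com"),),)}

# Constructed sample: certificate with SAN entries and an unrelated commonName.
SAN_CERT = {
    "subject": ((("commonName", "wrong.example.net"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
}

if __name__ == "__main__":
    for cert, host, legacy in [
        (CN_ONLY_CERT, "legacy.example.com", True),
        (CN_ONLY_CERT, "legacy.example.com", False),
        (SAN_CERT, "v1.api.example.com", False),
        (SAN_CERT, "a.b.api.example.com", False),
    ]:
        print(host, "legacy" if legacy else "san-only",
              verify_server_identity(cert, host, allow_cn_fallback=legacy))
```

With the fallback disabled, the CN-only certificate no longer authenticates any host name, which is the operational impact to check for before deploying a SAN-only verifier.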