Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Wed, 20 July 2022 16:40 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, The IESG <iesg@ietf.org>
CC: "draft-ietf-uta-rfc7525bis@ietf.org" <draft-ietf-uta-rfc7525bis@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "leifj@sunet.se" <leifj@sunet.se>
Date: Wed, 20 Jul 2022 16:39:56 +0000
Message-ID: <BY5PR11MB4196CC41A9757B22F7E33BEFB58E9@BY5PR11MB4196.namprd11.prod.outlook.com>
In-Reply-To: <f4ee190b-5cf1-a1f2-ea1e-8e56a442b7a7@stpeter.im>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/A_fWLK-UthiPT_4i1fqJM8v3bjk>

Hi Peter,

Thanks.  Yes, I think that your proposed text would be a helpful clarification.

Regards,
Rob


> -----Original Message-----
> From: Peter Saint-Andre <stpeter@stpeter.im>
> Sent: 19 July 2022 18:05
> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-uta-rfc7525bis@ietf.org; uta-chairs@ietf.org; uta@ietf.org;
> leifj@sunet.se
> Subject: Re: Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with
> DISCUSS and COMMENT)
> 
> On 7/19/22 10:44 AM, Peter Saint-Andre wrote:
> > One more small note below...
> >
> > On 7/19/22 10:30 AM, Rob Wilton (rwilton) wrote:
> >
> > <snip/>
> >
> >> You may want to consider whether it is worth making it clearer, either
> >> in the titles or the first intro paragraph, in sections 3.1.1/3.1.2
> >> that the protocol version requirements are specifically about
> >> implementations, and deployments are allowed/encouraged to restrict
> >> deployments to later TLS versions where reasonable/appropriate.
> >> Otherwise, I suspect that readers may well have both implementations
> >> and deployments in their head when they read this section.
> >
> > Good point. I'll look at the entire document again from this perspective
> > and see where we might add some clarifying text.
> 
> I found a good place for some amplifying text, at the end of the
> following paragraph in the introduction.
> 
> OLD
> 
>     These are minimum recommendations for the use of TLS in the vast
>     majority of implementation and deployment scenarios, with the
>     exception of unauthenticated TLS (see Section 5).  Other
>     specifications that reference this document can have stricter
>     requirements related to one or more aspects of the protocol, based on
>     their particular circumstances (e.g., for use with a particular
>     application protocol); when that is the case, implementers are
>     advised to adhere to those stricter requirements.  Furthermore, this
>     document provides a floor, not a ceiling, so stronger options are
>     always allowed (e.g., depending on differing evaluations of the
>     importance of cryptographic strength vs. computational load).
> 
> NEW
> 
>     These are minimum recommendations for the use of TLS in the vast
>     majority of implementation and deployment scenarios, with the
>     exception of unauthenticated TLS (see Section 5). Other
>     specifications that reference this document can have stricter
>     requirements related to one or more aspects of the protocol, based on
>     their particular circumstances (e.g., for use with a particular
>     application protocol); when that is the case, implementers are
>     advised to adhere to those stricter requirements. Furthermore, this
>     document provides a floor, not a ceiling: where feasible,
>     administrators of services are encouraged to go beyond the minimum
>     support available in implementations to provide the strongest
>     security possible. For example, based on knowledge about the deployed
>     base for an existing application protocol and a cost-benefit analysis
>     regarding cryptographic strength vs. computational load, a given
>     service provider might decide to disable TLS 1.2 entirely and offer
>     only TLS 1.3.
> 
> See https://github.com/yaronf/I-D/pull/469/files
> 
> Peter
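The floor-versus-ceiling point in the NEW text above, as an added example that is not part of this thread or of the draft: Python's `ssl` module configured at the implementation floor (TLS 1.2 as the oldest negotiable version, TLS 1.3 alongside it), beside the deployment choice Peter describes (TLS 1.2 disabled, only TLS 1.3 offered), plus a check that a given context negotiates nothing older than TLS 1.2. The function and constant names are mine; the `minimum_version`/`maximum_version` attributes and `HAS_TLSv1_3` are the standard library's.

```python
import ssl
import warnings

# Versions the ssl module can name, oldest first; the MINIMUM/MAXIMUM_SUPPORTED
# sentinels that an unbounded context reports are mapped onto the ends of this list.
VERSION_ORDER = [
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]
FLOOR = ssl.TLSVersion.TLSv1_2      # oldest version the draft still permits
TLS13_AVAILABLE = ssl.HAS_TLSv1_3   # OpenSSL before 1.1.1 cannot negotiate 1.3

def server_context(minimum: ssl.TLSVersion) -> ssl.SSLContext:
    """Server context whose lowest negotiable version is `minimum`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = minimum       # supersedes any OP_NO_TLSv1* options
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    return ctx

def legacy_context() -> ssl.SSLContext:
    """Permissive setting: still offers TLS 1.0 and 1.1, i.e. below the floor."""
    with warnings.catch_warnings():     # Python 3.10+ deprecates these versions
        warnings.simplefilter("ignore", DeprecationWarning)
        return server_context(ssl.TLSVersion.TLSv1)

def baseline_context() -> ssl.SSLContext:
    """Implementation floor from the draft: TLS 1.2, plus TLS 1.3 where built in."""
    return server_context(FLOOR)

def tls13_only_context() -> ssl.SSLContext:
    """Deployment choice from the NEW text: TLS 1.2 disabled, only TLS 1.3 offered."""
    return server_context(ssl.TLSVersion.TLSv1_3)

def accepted_versions(ctx: ssl.SSLContext) -> set:
    """Names of the versions the context will negotiate, from its min/max bounds."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    lo = VERSION_ORDER[0] if lo == ssl.TLSVersion.MINIMUM_SUPPORTED else lo
    hi = VERSION_ORDER[-1] if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED else hi
    return {v.name for v in VERSION_ORDER if lo <= v <= hi}

def meets_floor(ctx: ssl.SSLContext) -> bool:
    """True when nothing older than TLS 1.2 is negotiable; stricter configs pass too."""
    return not any(v.name in accepted_versions(ctx) for v in VERSION_ORDER if v < FLOOR)

if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("baseline", baseline_context()),
                       ("tls13-only", tls13_only_context())):
        print(f"{label:10} accepts {sorted(accepted_versions(ctx))}  floor ok: {meets_floor(ctx)}")
```

The same check can be pointed at a context built by any application code before it is handed to a listening socket, which is where an accidental regression to TLS 1.0/1.1 would otherwise slip through.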