Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

Peter Saint-Andre <stpeter@stpeter.im> Thu, 30 June 2022 17:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/AzhDBbVNXabMmWYksvtdDh_zZ_Y>

On 6/30/22 8:18 AM, Salz, Rich wrote:
>>        A reference identity of type IP-ID matches if the address is
>>        identical to an iPAddress value of the subjectAltName extension of
>>        the certificate.
> 
> My concern about this is what I stated before. This document, and its predecessor, clearly state that they are about domain names. In particular, fully-qualified ones.
> 
> Adding IP address is likely to have rippling effects throughout the document. For example, much of the Applicability section would need to be revised, the simple summary of the rules and the detailed processing sections need an "escape hatch", and so on. 

Yes, I was thinking about this after I last posted and it would indeed 
require some revisions throughout the document. Perhaps those changes 
would not be huge, but they might be widespread. And I always worry 
about making widespread changes late in the process.

> I believe this document could just point to the HTTP RFC as advice for protocols that support IP addresses, as I have also said.

That might work.

> We have not yet seen that there is WG consensus to accommodate Martin's point. Can the chairs handle that?  If there is consensus, then the wording needs to be discussed and the WGLC should be re-started.

+1

Peter
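
The IP-ID matching rule quoted at the top of this message, sketched as an added example that is not part of the original email or of the draft. The function names and the SAN entries are constructed for illustration; the comparison is on the raw address octets (4 for IPv4, 16 for IPv6), so there is no wildcard handling and no fallback to dNSName entries.

```python
import ipaddress

# Constructed subjectAltName entries as (type, value) pairs. iPAddress values
# are the raw octets as carried in the certificate: 4 for IPv4, 16 for IPv6.
SAMPLE_SAN = [
    ("dNSName", "192.0.2.10"),        # IP text in a dNSName is not an iPAddress
    ("dNSName", "*.example.com"),
    ("iPAddress", bytes([192, 0, 2, 7])),
    ("iPAddress", ipaddress.IPv6Address("2001:db8::1").packed),
]


def ip_reference_identity(host):
    """Return the address octets if host is an IP literal, else None."""
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]             # bracketed IPv6 literal as used in URIs
    try:
        return ipaddress.ip_address(host).packed
    except ValueError:
        return None                   # not an IP literal: DNS-ID rules apply


def match_ip_id(host, san_entries):
    """True only if the address is identical to an iPAddress SAN value."""
    ref = ip_reference_identity(host)
    if ref is None:
        return False
    for kind, value in san_entries:
        if kind != "iPAddress":
            continue                  # never compare an IP-ID to dNSName text
        if len(value) not in (4, 16):
            continue                  # malformed entry, ignore it
        if value == ref:              # octet-for-octet identity
            return True
    return False


if __name__ == "__main__":
    for host in ("192.0.2.7", "[2001:DB8:0:0:0:0:0:1]", "192.0.2.10",
                 "::ffff:192.0.2.7", "www.example.com"):
        print(host, match_ip_id(host, SAMPLE_SAN))
```

Comparing octets rather than text means different spellings of one IPv6 address match the same entry, while an IPv4-mapped IPv6 address does not match a 4-octet IPv4 entry.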