Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

tom petch <daedulus@btconnect.com> Thu, 07 July 2022 09:40 UTC

From: tom petch <daedulus@btconnect.com>
To: Valery Smyslov <valery@smyslov.net>, 'Peter Saint-Andre' <stpeter@stpeter.im>, 'Martin Thomson' <mt@lowentropy.net>, uta@ietf.org
Cc: uta-chairs@ietf.org
Date: Thu, 07 Jul 2022 10:40:05 +0100
Message-ID: <62C6A9F5.4030608@btconnect.com>
In-Reply-To: <064701d89142$c0751fc0$415f5f40$@smyslov.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/KHeuFqkprkO8eF4uIWE1tuE02ks>
Subject: Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

On 06/07/2022 15:14, Valery Smyslov wrote:
> Hi Peter,
>
>> On 7/6/22 12:41 AM, Valery Smyslov wrote:
>>> Hi Martin,
>>>
>>>>> The chairs think that the rough consensus is to limit the scope of the
>>>>> draft to domain names
>>>>> (with the pointer to the HTTP RFC as advice for protocols that support
>>>>> IP addresses).
>>>>
>>>> Is this the consensus of the chairs, or was there some discussion that I missed?
>>>
>>> We discussed this with Leif going back to the history of RFC 6125.
>>> The text explicitly limiting the scope of the document to domain names
>>> first appeared in draft-saintandre-tls-server-id-check-05 back in 2010
>>> and was kept in RFC 6125. At the time the 6125bis draft was adopted
>>> there was no intention to widen the scope of RFC 6125.
>>>
>>>> I agree that there is no consensus to include changes, but I don't see any input other than from Rich
>> (and
>>>> I guess now yourself).
>>>
>>> Peter also participated in the discussion and from our point of view he supported Rich's position.
>>> We also waited a bit for others to chime in.
>>
>> I'm actually not opposed to adding support for IP addresses - my only
>> concern was performing major surgery on the document, so I wanted to
>> think about what changes we would need to make. At the time that Jeff
>> and I worked on RFC 6125, we were not aware of widespread use of IP
>> addresses in PKIX certificates. If the deployment situation has changed
>> (as indicated by RFC 9110), then I am open to adding IP-IDs to 6125bis.
>
> OK, sorry for misinterpreting your response.
>
>>> Just to reiterate the chairs' position. We think that describing the handling of non-domain based names
>>> (like IP-ID) is a good idea, but at the same time we think that it would require quite a lot
>>> of changes to the current document,
>>
>> Martin sketched that out here:
>>
>> https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/54/files
>>
>> I don't think it's *too* bad.
>>
>>> that would slow down its progress.
>>
>> What's the hurry? It's been 10+ years since we published RFC 6125, I
>> don't think a few more weeks will make a big difference.
>
> Then, we'd like to hear from WG members:
> whether the scope of rfc6125bis draft should be broadened
> to include non-domain names, like IP addresses
> (at the cost of delaying its publication) or this issue
> should be addressed in a separate document.

Separate document for IP addresses.  RFC6125 was based on a 
comprehensive survey of what IETF protocols were doing in this space and 
I have not seen much change there.  Security moves relentlessly on and 
so an up-to-date guide is worthwhile.

IP addresses do get used but probably not on the large Internet web 
servers, rather in Enterprise.  (I wondered if the Internet of Things 
will go down that route).

Whatever, a different use case, a different environment, a different RFC 
IMHO.

Tom Petch

> Regards,
> Valery.
>
>> Peter
>
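The thread turns on whether rfc6125bis should describe IP-ID reference identities alongside DNS-IDs. The distinction that matters to an implementer is that an IP address reference identity is matched as an address against the certificate's iPAddress subjectAltName entries (the approach RFC 9110 takes for HTTP), while a DNS-ID is matched as a name against dNSName entries, and neither type is ever matched against the other or against the subject CN. The following is an added illustration written for this archive page; it is not code from the draft, from any of the participants, or from a real TLS library. The SAN lists are constructed samples in the tuple shape Python's `ssl.getpeercert()` reports, and the wildcard handling is a simplified leftmost-label rule.

```python
import ipaddress

# Constructed SAN lists in the shape ssl.getpeercert()["subjectAltName"] uses.
# They are made-up examples, not real certificates.
CERT_WEB = (("DNS", "www.example.com"), ("DNS", "*.example.net"))
CERT_ENTERPRISE = (
    ("DNS", "gw.corp.example"),
    ("IP Address", "192.0.2.10"),
    ("IP Address", "2001:db8::1"),
)
# An IP literal stored in a dNSName entry: the wrong identifier type, so an
# IP-ID reference identity must NOT match it.
CERT_MISUSED = (("DNS", "192.0.2.10"),)


def _dns_id_matches(reference, presented):
    """Case-insensitive DNS-ID comparison; '*' is accepted only as the whole leftmost label."""
    ref = reference.lower().rstrip(".").split(".")
    pres = presented.lower().rstrip(".").split(".")
    if len(ref) != len(pres) or len(ref) < 2:
        return False
    if pres[0] == "*":
        # Wildcard covers exactly one label; every other label must match exactly.
        return ref[1:] == pres[1:]
    return ref == pres


def match_reference_identity(reference, san):
    """Return True if the reference identity matches a SAN entry of the same type.

    reference: the name or IP literal the client intended to connect to.
    san: sequence of (type, value) tuples from the presented certificate.
    """
    try:
        # IPv6 literals in URIs are bracketed; strip the brackets before parsing.
        ref_ip = ipaddress.ip_address(reference.strip("[]"))
    except ValueError:
        ref_ip = None

    if ref_ip is not None:
        # IP-ID: compare the decoded address, and only against iPAddress entries.
        # Textual comparison would miss equivalent IPv6 spellings and would wrongly
        # accept an IP literal that a CA placed in a dNSName entry.
        for kind, value in san:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value) == ref_ip:
                    return True
            except ValueError:
                continue  # malformed entry: ignore rather than match
        return False

    # DNS-ID: only dNSName entries are consulted; CN is never a fallback.
    return any(kind == "DNS" and _dns_id_matches(reference, value) for kind, value in san)


if __name__ == "__main__":
    for ref, cert in (("www.example.com", CERT_WEB), ("192.0.2.10", CERT_ENTERPRISE),
                      ("192.0.2.10", CERT_MISUSED)):
        print(ref, "->", match_reference_identity(ref, cert))
```

Feeding the same literal `192.0.2.10` to the enterprise certificate and to the misused one shows the point of a typed identifier: the first matches through its iPAddress entry, the second does not, even though the string appears in the certificate.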