Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 18 July 2022 14:34 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Martin Thomson <mt@lowentropy.net>, Peter Saint-Andre <stpeter@stpeter.im>, The IESG <iesg@ietf.org>
CC: "draft-ietf-uta-rfc7525bis@ietf.org" <draft-ietf-uta-rfc7525bis@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "leifj@sunet.se" <leifj@sunet.se>
Date: Mon, 18 Jul 2022 14:34:49 +0000
Message-ID: <BY5PR11MB41965634F7B81CEC361DA771B58C9@BY5PR11MB4196.namprd11.prod.outlook.com>
References: <165779144446.10023.16857085823147739769@ietfa.amsl.com> <799e5773-9fa4-b06a-38d1-138c43c5cfd9@stpeter.im> <BY5PR11MB4196858D743ADDF0058AEEF6B58B9@BY5PR11MB4196.namprd11.prod.outlook.com> <aef823f3-f3ab-4b17-811e-45bbcadce342@stpeter.im> <e91c06c6-037e-4ffd-ad17-37879df24e1b@www.fastmail.com>
In-Reply-To: <e91c06c6-037e-4ffd-ad17-37879df24e1b@www.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/Tc07hdOsHgj0VpwQZGi4suxntng>
Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Hi Martin,

> -----Original Message-----
> From: Martin Thomson <mt@lowentropy.net>
> Sent: 15 July 2022 21:37
> To: Peter Saint-Andre <stpeter@stpeter.im>; Rob Wilton (rwilton)
> <rwilton@cisco.com>; The IESG <iesg@ietf.org>
> Cc: draft-ietf-uta-rfc7525bis@ietf.org; uta-chairs@ietf.org; uta@ietf.org;
> leifj@sunet.se
> Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09:
> (with DISCUSS and COMMENT)
> 
> On Sat, Jul 16, 2022, at 06:01, Peter Saint-Andre wrote:
> >> Shouldn’t this be "Implementations MUST support TLS 1.2 {{!RFC5246}} or
> a later version"?  Otherwise, protocols like QUIC would presumably not be
> compliant with this BCP if they only support TLS 1.3?  Or alternatively, this
> could probably be stated as "Implementations MAY support TLS 1.2
> {{!RFC5246}}".
> >
> > The implementations we've always had in mind for this document are
> > TLS/DTLS implementations, not implementations of protocols that re-use
> > TLS/DTLS in whole or in part (e.g. QUIC re-uses the handshake protocol
> > but not the record layer). However, that's not crystal clear in the
> > document because we only recently started mentioning QUIC. I'll talk
> > with my co-authors about this when we next have a chance to meet
> > regarding all the recent feedback.
> 
> I think that you are right to be cautious here.  What you want to have happen
> is interoperability.  If you say 1.2 or later, then there is a risk of some
> implementations doing 1.2 only and some doing 1.3 only, and then you lose the
> ability to communicate.

The introduction states:

   This document attempts to minimize new guidance to TLS 1.2
   implementations, and the overall approach is to encourage systems to
   move to TLS 1.3.

and

   These are minimum recommendations for the use of TLS in the vast
   majority of implementation and deployment scenarios, with the
   exception of unauthenticated TLS (see Section 5).

And section 3.1.1 states:

      Rationale: secure deployment of TLS 1.3 is significantly easier
      and less error prone than secure deployment of TLS 1.2.

I completely get wanting the interop, but the MUST implement TLS 1.2 still feels too strong given that, AIUI, one of the reasons for TLS 1.3 was to help mitigate some of the security issues that turned up in TLS 1.2.  It feels reasonable to me for a server deployment to decide that it will only support TLS 1.3 because it is easier to deploy securely, placing the requirement on the client to also support TLS 1.3 for successful interop.

Equally, I can also foresee continued deployments where they still decide to support old versions of TLS before 1.2 to ensure that they can still interoperate with legacy clients that have not upgraded.

Regards,
Rob



> 
> I think that you might benefit from putting QUIC out of scope, except to note
> that some of the advice is applicable to QUIC insofar as it uses the TLS (1.3)
> handshake.
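The interop risk Martin describes (a "1.2 or later" rule lets a 1.2-only peer and a 1.3-only peer both be compliant yet unable to talk) and the deployment choice Rob describes (a server that only enables TLS 1.3) can both be made concrete with a small model. The following is an added example written for this thread, not code from the draft or from either author. It simplifies TLS version selection to "server picks the highest version it supports among those the client offered" (the effect of the RFC 8446 supported_versions negotiation), checks every pair of rule-compliant implementations for a common version, and shows the deployment knob in Python's standard `ssl` module. The implementation set, the rule names `must-1.2` and `1.2-or-later`, and the function names are constructed for the example.

```python
"""Added example: model of TLS version negotiation and of the two readings of
the BCP text discussed in the thread. Not part of draft-ietf-uta-rfc7525bis."""
import ssl
from itertools import combinations
from typing import Iterable, Optional

TLS12 = "TLSv1.2"
TLS13 = "TLSv1.3"
# Ordering used to pick the "highest" common version.
VERSION_RANK = {"TLSv1.0": 0, "TLSv1.1": 1, TLS12: 2, TLS13: 3}

# Constructed sample of three implementations, each with the versions it enables.
IMPLEMENTATIONS = {
    "legacy-client": frozenset({"TLSv1.0", "TLSv1.1", TLS12}),
    "dual-stack": frozenset({TLS12, TLS13}),
    "tls13-only-server": frozenset({TLS13}),
}


def negotiate(client_versions: Iterable[str], server_versions: Iterable[str]) -> Optional[str]:
    """Simplified supported_versions selection: the server picks the highest
    version it supports that the client offered. None means no common version,
    i.e. the handshake would fail with a protocol_version alert."""
    common = set(client_versions) & set(server_versions)
    if not common:
        return None
    return max(common, key=VERSION_RANK.__getitem__)


def compliant(versions: Iterable[str], rule: str) -> bool:
    """Does an implementation satisfy the stated rule?
    'must-1.2'     : "Implementations MUST support TLS 1.2"
    '1.2-or-later' : "Implementations MUST support TLS 1.2 or a later version"
    """
    versions = set(versions)
    if rule == "must-1.2":
        return TLS12 in versions
    if rule == "1.2-or-later":
        return any(VERSION_RANK[v] >= VERSION_RANK[TLS12] for v in versions)
    raise ValueError(f"unknown rule: {rule}")


def all_pairs_interoperate(impls: Iterable[frozenset], rule: str) -> bool:
    """True iff every pair of rule-compliant implementations shares a version.
    This is the property Martin's "1.2 or later" concern is about."""
    ok = [set(v) for v in impls if compliant(v, rule)]
    return all(negotiate(a, b) is not None for a, b in combinations(ok, 2))


def server_min_version(tls13_only: bool) -> str:
    """The deployment choice from the thread expressed with the standard ssl
    module: a TLS 1.3-only server raises minimum_version so that a client
    offering at most TLS 1.2 is refused. Returns the configured minimum."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3 if tls13_only else ssl.TLSVersion.TLSv1_2
    return ctx.minimum_version.name


if __name__ == "__main__":
    for rule in ("must-1.2", "1.2-or-later"):
        print(rule, "-> all compliant pairs interoperate:",
              all_pairs_interoperate(IMPLEMENTATIONS.values(), rule))
    for a, b in combinations(IMPLEMENTATIONS, 2):
        print(f"{a} <-> {b}: {negotiate(IMPLEMENTATIONS[a], IMPLEMENTATIONS[b])}")
    print("TLS 1.3-only server minimum_version:", server_min_version(True))
```

Under `must-1.2` the TLS 1.3-only server is simply non-compliant, and the remaining pairs all share TLS 1.2; under `1.2-or-later` all three are compliant, but the legacy client and the 1.3-only server have no common version, which is exactly the loss of interoperability Martin warns about. Operators taking Rob's position (TLS 1.3 only) accept that outcome knowingly and push the requirement onto clients.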