Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

Peter Saint-Andre <stpeter@stpeter.im> Mon, 27 June 2022 22:33 UTC

Message-ID: <d1b5f7f8-6f4f-9860-b284-89544ad036d9@stpeter.im>
Date: Mon, 27 Jun 2022 16:33:03 -0600
To: uta@ietf.org, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <002e01d87e9c$78a002e0$69e008a0$@smyslov.net> <032e01d8878f$c2e8f630$48bae290$@smyslov.net> <A7E6035E-7BCF-4BB3-BB87-D261ED98532D@gmail.com> <YrdXuGgMKMM+gKJn@straasha.imrryr.org> <DF17FC56-87DB-4002-B84F-A81B3AE99F83@gmail.com> <Yrdzc0bkQGMRXVGM@straasha.imrryr.org> <fb09d07d-57c3-aba3-f367-dc25a348a4cd@stpeter.im> <Yrou2Rx71cRq+5jT@straasha.imrryr.org>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <Yrou2Rx71cRq+5jT@straasha.imrryr.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/Zulabd3UpccmkNrdxcduv4Lu924>

On 6/27/22 4:27 PM, Viktor Dukhovni wrote:
> On Mon, Jun 27, 2022 at 02:37:22PM -0600, Peter Saint-Andre wrote:
> 
>>> It does for the majority of the certificate usages, but in practice
>>> today DANE is primarily used with SMTP, and predominantly with
>>> DANE-EE(3) TLSA records, in which case identity questions are settled
>>> at the DNS layer, and the presented identifiers in the certificate are
>>> irrelevant.
>>
>> Even in this case, doesn't the certificate include a service identifier?
> 
> Actually, no.  A handful of DANE SMTP server operators configure
> certificates that have empty Subject and Issuer DNs and no Subject
> Alternative names.  The certificate is (kind-of) self-signed and
> essentially holds just the public key and its self-signature.

Excellent. Thanks for the clarification. Thus in the case of DANE-EE 
certs it truly is the case that, as you said in a previous message, the 
equivalent of the presented identifier is derived purely from DNS.

Peter

> 
> For example:
> 
> subject=
> issuer=
> notBefore=Jul 27 14:59:59 2014 GMT
> notAfter=Nov 27 14:59:59 3013 GMT
> -----BEGIN CERTIFICATE-----
> MIIE1TCCAr2gAwIBAgIJAMMmKxPKsTZyMA0GCSqGSIb3DQEBCwUAMAAwIBcNMTQw
> NzI3MTQ1OTU5WhgPMzAxMzExMjcxNDU5NTlaMAAwggIiMA0GCSqGSIb3DQEBAQUA
> A4ICDwAwggIKAoICAQC200I1aOkqnrr48PS/MLULQM0QSyCUqvzo07G4Fcwkun+V
> tYWS6dWXcNP9s8mRutWFXcZtmIvDs3l0p0HG9N8UU7uQIXJxuuJWAwoLqdvVktOQ
> WE7rpItRgNtfVibPmyaoLkLfVBSGTh+tspxXVBZ6OSWjs5CX63CSBCcQtv2ecE+y
> AuL6bZDrmgxkPDGGTJiZRwB1ttC7gAITx0OXJOwePrEc1se33vzou8bYIHQWCSct
> FxelpEHQ9mDeooT65I3dHph+GXWkh1IYRdltOT4ssmQaEzcmP3KMff4u1ibXzDeq
> Bkov6rwPAF/VMHnoESFkA7mR5dpHa31D5l4g6B0dHj24V2IBmBNbzKifa9I04G+G
> uKydifHpJ7n4Vc6iijMrrDplwPsSuPdaR6bqg4CID8rU1dxiXAjZz+bK/jIAnuPA
> U5kho8lPZgf8YeIgGAF/Yd3hcrX9w5cjKlG/QlhkDStOzIWgXgFSK3tG8GMZm6Ne
> LHAjNqOpOrNgLq14aJbOpEzqE3cCl8RVgvP9O/P0ZU7dO/7S3dDaKeg+3anjxhbb
> 6/iQctxUNxcVyUMf3p1bAl4DqT54dRVNvIS/oH5KaH0rxsW12gmL80VugiuLvuld
> t7Pw6A0EjOO4yiMd3BAJCS4evyNMZ75kwZD9YlcX1DPmHUxw11j2F17SS9UfmwID
> AQABo1AwTjAdBgNVHQ4EFgQUmMab1SBcHagxOb14ETf/va1bvVkwHwYDVR0jBBgw
> FoAUmMab1SBcHagxOb14ETf/va1bvVkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
> AQsFAAOCAgEAjUcd319j7Nt7o6OmUNB29RqG2iG/eE1Mq++vob7ppSkgawWjiIUO
> Vxec5oz1h8cHo3vtffQDB1putL+c220zJK5NDjkGVJ5xaPZdWOkZ/+/i5Xypudoh
> 3RQZ2MFrq679L4YUuY+/d3W4B8wKYooAmMT7Duzv9xGICgUO75vAmOA5R8CDr1r2
> qj2PLF2xlbSToYa/HbFFkeV/b2OrWc8DTsA3/s6fLc1koYFiAHkyTbBDLlhux3n3
> tnS+yWXGL9DpuFZg1EZI2G3asoFZqfSUjMSf9qsWb/EE5+kquwQfTcXC4AuwYNgc
> MVnaxjJsd4vb53eITRVFyeq4lVrT1l8Z7c1dhA0wdXCso5ptg/68YPq7K0jXEutK
> 40C/AVapDdT8SYhwawokNujC3epsZ89e0gp6MbiSk3z1jJGO6dk57B/ymAw91TMz
> U72xY7YY4yDGUCrxCVBdiGl2kTihwUdxCRJ1baAXcq3meEAY0wQEcDq/dEUMSHp7
> /gr9/8uu94VQ+uIjc4dU6oB+yV/agD+vBDpY2EskdVigxZQKuI5iFX4+2kGoooAb
> xkMDriyM/MeD3zjfuBLSrMEQtGZ1d8ilb0kWxCcEwv5SpO9ihiUA584C501syGCD
> H0y62RuD2sxdv4k3BKeFYt5NLE7QE8TNgVFKsAdTlW9Cni4yEnscwcM=
> -----END CERTIFICATE-----
>
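The point of the exchange above is that with DANE-EE(3) the certificate carries no presented identifier at all; the only thing the DNS-layer binding needs is the public key. The following is an added example, not part of the thread and not code from either participant, that makes this concrete with a stdlib-only DER walk over the certificate Viktor quoted: it confirms the Subject and Issuer are empty, that no subjectAltName extension (OID 2.5.29.17) is present, and then derives the TLSA RDATA a zone operator would publish for it. The choice of selector 1 (SubjectPublicKeyInfo) and matching type 1 (SHA-256), i.e. the "3 1 1" form, is the commonly deployed combination and is an assumption of this example, as are the helper names `parse_certificate` and `tlsa_dane_ee_spki_sha256`.

```python
import base64
import hashlib

# Certificate exactly as quoted in the message above (empty subject/issuer,
# no SAN; "kind-of" self-signed, holding essentially just the public key).
PEM = """-----BEGIN CERTIFICATE-----
MIIE1TCCAr2gAwIBAgIJAMMmKxPKsTZyMA0GCSqGSIb3DQEBCwUAMAAwIBcNMTQw
NzI3MTQ1OTU5WhgPMzAxMzExMjcxNDU5NTlaMAAwggIiMA0GCSqGSIb3DQEBAQUA
A4ICDwAwggIKAoICAQC200I1aOkqnrr48PS/MLULQM0QSyCUqvzo07G4Fcwkun+V
tYWS6dWXcNP9s8mRutWFXcZtmIvDs3l0p0HG9N8UU7uQIXJxuuJWAwoLqdvVktOQ
WE7rpItRgNtfVibPmyaoLkLfVBSGTh+tspxXVBZ6OSWjs5CX63CSBCcQtv2ecE+y
AuL6bZDrmgxkPDGGTJiZRwB1ttC7gAITx0OXJOwePrEc1se33vzou8bYIHQWCSct
FxelpEHQ9mDeooT65I3dHph+GXWkh1IYRdltOT4ssmQaEzcmP3KMff4u1ibXzDeq
Bkov6rwPAF/VMHnoESFkA7mR5dpHa31D5l4g6B0dHj24V2IBmBNbzKifa9I04G+G
uKydifHpJ7n4Vc6iijMrrDplwPsSuPdaR6bqg4CID8rU1dxiXAjZz+bK/jIAnuPA
U5kho8lPZgf8YeIgGAF/Yd3hcrX9w5cjKlG/QlhkDStOzIWgXgFSK3tG8GMZm6Ne
LHAjNqOpOrNgLq14aJbOpEzqE3cCl8RVgvP9O/P0ZU7dO/7S3dDaKeg+3anjxhbb
6/iQctxUNxcVyUMf3p1bAl4DqT54dRVNvIS/oH5KaH0rxsW12gmL80VugiuLvuld
t7Pw6A0EjOO4yiMd3BAJCS4evyNMZ75kwZD9YlcX1DPmHUxw11j2F17SS9UfmwID
AQABo1AwTjAdBgNVHQ4EFgQUmMab1SBcHagxOb14ETf/va1bvVkwHwYDVR0jBBgw
FoAUmMab1SBcHagxOb14ETf/va1bvVkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAgEAjUcd319j7Nt7o6OmUNB29RqG2iG/eE1Mq++vob7ppSkgawWjiIUO
Vxec5oz1h8cHo3vtffQDB1putL+c220zJK5NDjkGVJ5xaPZdWOkZ/+/i5Xypudoh
3RQZ2MFrq679L4YUuY+/d3W4B8wKYooAmMT7Duzv9xGICgUO75vAmOA5R8CDr1r2
qj2PLF2xlbSToYa/HbFFkeV/b2OrWc8DTsA3/s6fLc1koYFiAHkyTbBDLlhux3n3
tnS+yWXGL9DpuFZg1EZI2G3asoFZqfSUjMSf9qsWb/EE5+kquwQfTcXC4AuwYNgc
MVnaxjJsd4vb53eITRVFyeq4lVrT1l8Z7c1dhA0wdXCso5ptg/68YPq7K0jXEutK
40C/AVapDdT8SYhwawokNujC3epsZ89e0gp6MbiSk3z1jJGO6dk57B/ymAw91TMz
U72xY7YY4yDGUCrxCVBdiGl2kTihwUdxCRJ1baAXcq3meEAY0wQEcDq/dEUMSHp7
/gr9/8uu94VQ+uIjc4dU6oB+yV/agD+vBDpY2EskdVigxZQKuI5iFX4+2kGoooAb
xkMDriyM/MeD3zjfuBLSrMEQtGZ1d8ilb0kWxCcEwv5SpO9ihiUA584C501syGCD
H0y62RuD2sxdv4k3BKeFYt5NLE7QE8TNgVFKsAdTlW9Cni4yEnscwcM=
-----END CERTIFICATE-----"""

SAN_OID = "2.5.29.17"  # id-ce-subjectAltName


def der_read(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(contents):
    """Split a constructed value into (tag, contents, raw TLV bytes) triples."""
    out, pos = [], 0
    while pos < len(contents):
        tag, inner, nxt = der_read(contents, pos)
        out.append((tag, inner, contents[pos:nxt]))
        pos = nxt
    return out


def oid_to_str(raw):
    """Render OBJECT IDENTIFIER contents in dotted form (e.g. 2.5.29.17)."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_certificate(pem):
    """Minimal X.509 walk: RDNs of issuer/subject, raw SPKI DER, extension OIDs."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body)
    _, cert, _ = der_read(der, 0)          # Certificate ::= SEQUENCE { tbs, alg, sig }
    _, tbs, _ = der_read(cert, 0)          # TBSCertificate
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:               # optional [0] EXPLICIT version
        fields = fields[1:]
    _serial, _sig_alg, issuer, _validity, subject, spki = fields[:6]
    ext_oids = []
    for tag, contents, _ in fields[6:]:
        if tag == 0xA3:                    # [3] EXPLICIT Extensions (SEQUENCE OF Extension)
            for _, ext, _ in der_children(der_children(contents)[0][1]):
                ext_oids.append(oid_to_str(der_children(ext)[0][1]))
    return {
        "issuer_rdns": der_children(issuer[1]),    # [] means empty Name
        "subject_rdns": der_children(subject[1]),
        "spki_der": spki[2],                       # full TLV, which is what selector 1 hashes
        "extension_oids": ext_oids,
    }


def tlsa_dane_ee_spki_sha256(spki_der):
    """TLSA RDATA: usage 3 (DANE-EE), selector 1 (SPKI), matching type 1 (SHA-256)."""
    return "3 1 1 " + hashlib.sha256(spki_der).hexdigest()


if __name__ == "__main__":
    info = parse_certificate(PEM)
    print("issuer RDNs:", len(info["issuer_rdns"]), "subject RDNs:", len(info["subject_rdns"]))
    print("has SAN:", SAN_OID in info["extension_oids"], "extensions:", info["extension_oids"])
    print("TLSA RDATA:", tlsa_dane_ee_spki_sha256(info["spki_der"]))
```

Because selector 1 hashes only the SubjectPublicKeyInfo, the empty Names, the odd validity period and the self-signature all drop out of the DNS binding; a client that verified this certificate by reference identifier matching under RFC 6125 rules would have nothing to match, which is exactly why the DANE-EE case is out of scope for presented-identifier checking.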