[Uta] Comments on draft-tschofenig-uta-tls13-profile-03

John Mattsson <john.mattsson@ericsson.com> Thu, 12 March 2020 09:23 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "uta@ietf.org" <uta@ietf.org>
Date: Thu, 12 Mar 2020 09:23:28 +0000
Message-ID: <A01715F2-207B-471D-956E-5CF3E11FA16A@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/lC_5kTsvW-qBa65dvLcjp0hDvHY>

Hi,

I think this is important work. RFC 7925 is a very useful document. While working on 

https://tools.ietf.org/html/draft-raza-ace-cbor-certificates-04
https://tools.ietf.org/html/draft-mattsson-tls-cbor-cert-compress-00

I deep-dived into the certificate profiles specified in Section 4.4 of RFC 7925. As far as I can see, draft-tschofenig-uta-tls13-profile does not mandate any X.509 profile at all. I assume it should? I suggest that draft-tschofenig-uta-tls13-profile-03 mandates the certificate profile in RFC 7925. I also have some comments on how the profile could be improved.

- An ASN.1 schema for the X.509 would be extremely beneficial. See e.g. the incomplete ASN.1 schema in Appendix B of draft-raza-ace-cbor-certificates-04
- Is the encoding of EUI-64 as an X.509 text string specified somewhere? In that case a reference would be good. Otherwise the encoding should be specified.
- Is pathLenConstraint mandatory to support? In that case, is there any minimum length that is mandatory to support?
- For BasicConstraints, the profile states that the only two valid options are "Present and true", and "Absent and therefore false". For the bool critical for all expansions, both "Present and false" and "Absent and therefore false" seem to be valid. Is this intentional?

Cheers,
John
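As an added illustration of the last bullet (example code, not from the e-mail, RFC 7925 or the draft): both the BasicConstraints cA flag and the per-extension critical flag are declared BOOLEAN DEFAULT FALSE, and DER (X.690 clause 11.5) requires a component equal to its default to be omitted, so "present and false" is never a valid DER encoding of either flag. The check below parses one DER-encoded Extension with a hand-written TLV reader (its own assumption, not a library API) and reports that rule for both booleans; the test vectors are constructed.

```python
BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # id-ce-basicConstraints 2.5.29.19 (content octets)

def _tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, next_pos). Definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _items(seq_value):
    """Split the content octets of a SEQUENCE into a list of (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(seq_value):
        tag, value, pos = _tlv(seq_value, pos)
        items.append((tag, value))
    return items

def _check_default_false_boolean(items, name):
    """BOOLEAN DEFAULT FALSE field: valid only if absent, or present and encoded TRUE (0xFF)."""
    booleans = [v for t, v in items if t == 0x01]  # universal tag 1 = BOOLEAN
    if not booleans:
        return []  # absent and therefore FALSE
    if booleans[0] == b"\x00":
        return [f"{name} present and FALSE: DER requires a DEFAULT value to be omitted"]
    if booleans[0] != b"\xff":
        return [f"{name} TRUE must be encoded as the single octet 0xFF in DER"]
    return []

def check_extension(ext_der):
    """Return the list of violations for one DER-encoded Extension (empty list = OK)."""
    tag, body, _ = _tlv(ext_der, 0)
    if tag != 0x30:
        return ["Extension is not a SEQUENCE"]
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    items = _items(body)
    problems = _check_default_false_boolean(items, "critical")
    if items[0][1] == BASIC_CONSTRAINTS_OID:
        # BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
        bc_tag, bc_body, _ = _tlv(items[-1][1], 0)  # extnValue OCTET STRING wraps the DER
        if bc_tag != 0x30:
            return problems + ["BasicConstraints value is not a SEQUENCE"]
        problems += _check_default_false_boolean(_items(bc_body), "cA")
    return problems

# Constructed test vectors (hex), not taken from any real certificate
CA_EXT = bytes.fromhex("300f0603551d130101ff040530030101ff")  # critical TRUE, cA TRUE: OK
EE_EXT = bytes.fromhex("30090603551d1304023000")              # both flags absent: OK
BAD_EXT = bytes.fromhex("300f0603551d1301010004053003010100")  # both "present and FALSE"

if __name__ == "__main__":
    for label, ext in (("CA", CA_EXT), ("end-entity", EE_EXT), ("bad", BAD_EXT)):
        print(label, check_extension(ext) or "OK")
```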