Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

"Salz, Rich" <rsalz@akamai.com> Thu, 30 June 2022 14:18 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, Martin Thomson <mt@lowentropy.net>, "uta@ietf.org" <uta@ietf.org>
Date: Thu, 30 Jun 2022 14:18:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/o9fcp4Anox4S5RKpJJ50uC6IrjE>

> A reference identity of type IP-ID matches if the address is
> identical to an iPAddress value of the subjectAltName extension of
> the certificate.

My concern about this is what I stated before. This document, and its predecessor, clearly state that they are about domain names. In particular, fully-qualified ones.

Adding IP addresses is likely to have rippling effects throughout the document. For example, much of the Applicability section would need to be revised, the simple summary of the rules and the detailed processing sections need an "escape hatch", and so on. I believe this document could just point to the HTTP RFC as advice for protocols that support IP addresses, as I have also said.

We have not yet seen that there is WG consensus to accommodate Martin's point. Can the chairs handle that?  If there is consensus, then the wording needs to be discussed and the WGLC should be re-started.
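
The IP-ID rule quoted at the top of this message, written out as an added example; it is not part of the original post or of the draft. The function name and the SAN entries are constructed, and reading "identical" as an octet-for-octet comparison of the parsed address is an assumption.

```python
import ipaddress

# Constructed SAN entries as (type, value). iPAddress values are the raw
# 4-octet (IPv4) or 16-octet (IPv6) strings carried in the certificate.
SAMPLE_SAN = [
    ("dNSName", "192.0.2.7"),            # text that merely looks like an IP
    ("dNSName", "www.example.com"),
    ("iPAddress", bytes([192, 0, 2, 1])),
    ("iPAddress", ipaddress.ip_address("2001:db8::1").packed),
]


def ip_id_matches(reference, san_entries):
    """Return True if `reference` (a textual IP literal) is identical,
    octet for octet, to an iPAddress value in `san_entries`.

    Assumption: "identical" means equal network-order octets, so different
    textual spellings of one address match, while an IPv4-mapped IPv6
    address does not match a 4-octet IPv4 entry.
    """
    try:
        ref = ipaddress.ip_address(reference).packed
    except ValueError:
        return False  # not an IP literal, so it is not an IP-ID at all
    # Only iPAddress entries are considered; dNSName entries are never
    # consulted for an IP reference identity, whatever their text says.
    return any(kind == "iPAddress" and value == ref
               for kind, value in san_entries)


if __name__ == "__main__":
    for candidate in ("192.0.2.1", "2001:DB8:0:0:0:0:0:1", "192.0.2.7",
                      "::ffff:192.0.2.1", "www.example.com"):
        print(candidate, ip_id_matches(candidate, SAMPLE_SAN))
```
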