Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

Peter Saint-Andre <stpeter@stpeter.im> Tue, 28 June 2022 20:35 UTC

Message-ID: <f447cf61-e588-f035-9b53-46dd4f3061e4@stpeter.im>
Date: Tue, 28 Jun 2022 14:35:24 -0600
To: "Salz, Rich" <rsalz@akamai.com>, "uta@ietf.org" <uta@ietf.org>, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <002e01d87e9c$78a002e0$69e008a0$@smyslov.net> <032e01d8878f$c2e8f630$48bae290$@smyslov.net> <A7E6035E-7BCF-4BB3-BB87-D261ED98532D@gmail.com> <YrdXuGgMKMM+gKJn@straasha.imrryr.org> <DF17FC56-87DB-4002-B84F-A81B3AE99F83@gmail.com> <Yrdzc0bkQGMRXVGM@straasha.imrryr.org> <fb09d07d-57c3-aba3-f367-dc25a348a4cd@stpeter.im> <Yrou2Rx71cRq+5jT@straasha.imrryr.org> <d1b5f7f8-6f4f-9860-b284-89544ad036d9@stpeter.im> <4e89b9f3-dc73-ca8d-8517-a569b676136c@stpeter.im> <B4F3A313-EF5B-4FFE-90C2-E939BF699068@akamai.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <B4F3A313-EF5B-4FFE-90C2-E939BF699068@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/xza_CBZS5rQJJK7uKXk0SkA6QmA>
Subject: Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06
List-Id: UTA working group mailing list <uta.ietf.org>

On 6/28/22 11:12 AM, Salz, Rich wrote:
>>     With regard to PKIX certificates, the primary usage is in the
>>     context of the public key infrastructure described in {{5280}}.
>>     In addition, technologies such as DNS-Based Authentication
>>     of Named Entities (DANE) {{RFC6698}} sometimes use certificates based
>>     on PKIX (more precisely, certificates structured via {{X.509}} or
>>     specific encodings thereof such as {{X.690}}), at least in certain
>>     modes.  Alternatively, a TLS peer could issue delegated credentials
>>     that are based on a CA-issued certificate, as in {{TLS-SUBCERTS}}.
>>     In both of these cases, a TLS client could learn of a service identity
>>     through its inclusion in the relevant certificate.  The rules specified
>>     here are intended to apply whenever service identities are included in
>>     X.509 certificates or credentials that are derived from such certificates.
> 
> s/are intended to// :)

Agreed.

> s/are derived from/are derived from, or used to derive/ (subverts is the latter)

I think this is better: "The rules specified here apply whenever service 
identities are included in X.509 certificates, either directly or 
indirectly through credentials derived from such a certificate."

Peter