Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Tue, 19 July 2022 08:41 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>, Peter Saint-Andre <stpeter@stpeter.im>, The IESG <iesg@ietf.org>
CC: "draft-ietf-uta-rfc7525bis@ietf.org" <draft-ietf-uta-rfc7525bis@ietf.org>, "uta-chairs@ietf.org" <uta-chairs@ietf.org>, "uta@ietf.org" <uta@ietf.org>, "leifj@sunet.se" <leifj@sunet.se>
Thread-Topic: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)
Thread-Index: AQHYl2Vbtb6/MYgEPkeJX2Vy4Jo9ca1999cAgAZ03QCAAPpNgA==
Date: Tue, 19 Jul 2022 08:40:50 +0000
Message-ID: <BY5PR11MB4196675939D85F9BFD07A6E8B58F9@BY5PR11MB4196.namprd11.prod.outlook.com>
References: <165779144446.10023.16857085823147739769@ietfa.amsl.com> <799e5773-9fa4-b06a-38d1-138c43c5cfd9@stpeter.im> <DB9PR08MB652475AC276788905C30E2379C8C9@DB9PR08MB6524.eurprd08.prod.outlook.com>
In-Reply-To: <DB9PR08MB652475AC276788905C30E2379C8C9@DB9PR08MB6524.eurprd08.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/zQIawWATclw50X2Ar3J8PvLf5e8>
Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Hi Thomas,

From: iesg <iesg-bounces@ietf.org> On Behalf Of Thomas Fossati
Sent: 18 July 2022 18:42
To: Peter Saint-Andre <stpeter@stpeter.im>; Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>
Cc: draft-ietf-uta-rfc7525bis@ietf.org; uta-chairs@ietf.org; uta@ietf.org; leifj@sunet.se
Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Hi Rob, Peter,

On Thursday, 14 July 2022 at 16:07, Peter Saint-Andre <stpeter@stpeter.im> wrote:
> On 7/14/22 3:37 AM, Robert Wilton via Datatracker wrote:
> > (4)
> >     When using RSA, servers MUST authenticate using certificates
> >     with at least a 2048-bit modulus for the public key.  In
> >     addition, the use of the SHA-256 hash algorithm is RECOMMENDED
> >     and SHA-1 or MD5 MUST NOT be used ([RFC9155], and see
> >     [CAB-Baseline] for more details).
> >
> > So, for clarity, this would presumably mean that SHA-256 is also
> > preferred over say SHA-512?  Is that the intention?  Or would it be
> > better if the SHOULD allowed stronger ciphers?
>
> I think we should probably say "SHA-256 or stronger", but again I'd
> like to see what my co-authors think.

My two cents on this point.

Readers are always free to choose stronger algorithms if they want to.
However, in this case I don't see a good reason for doing so: if your
threat model involves an adversary with a quantum computer, 256 is as
good as 384 or 512, but it's more concise.  So, if your cert is
short-lived, going higher than 256 does not provide any real advantage.

If one's cert's notAfter is distant enough that they should start
worrying about the reality of a quantum adversary, then I think the whole
advice in this section would need a massive revamp :-)

Okay.  Thanks for checking.

I'm happy to regard this point as closed.

Regards,
Rob



cheers, t
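The requirements quoted in the thread (an RSA modulus of at least 2048 bits; SHA-256 recommended; SHA-1 and MD5 MUST NOT be used) can be checked mechanically. The block below is an added example, not code from the thread, the draft or any of its authors: a dependency-free Python check that parses the two DER structures an X.509 library can hand you from a certificate (the signature AlgorithmIdentifier and the PKCS#1 RSAPublicKey) and reports violations. It also accepts SHA-384 and SHA-512, following the "SHA-256 or stronger" reading proposed in the thread. The sample records, the DER helpers, and the function and constant names are all constructed for this example; the modulus values are placeholders, not real keys.

```python
# Added example (not from the thread or the draft). Checks the RSA certificate
# parameters the quoted text constrains, from two DER structures:
#   - the signature AlgorithmIdentifier (which hash signed the certificate)
#   - the PKCS#1 RSAPublicKey (modulus size)
# Only the standard library is used.

# PKCS#1 "<hash>WithRSAEncryption" signature algorithm OIDs.
OID_SIG_HASH = {
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
}
FORBIDDEN_HASHES = {"md5", "sha1"}                 # MUST NOT be used
ACCEPTED_HASHES = {"sha256", "sha384", "sha512"}   # "SHA-256 or stronger" reading
MIN_RSA_MODULUS_BITS = 2048


# --- minimal DER helpers: encoders build the sample input, decoders serve the check ---

def der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, body):
    return bytes([tag]) + der_length(len(body)) + body


def der_integer(value):
    """Non-negative INTEGER; a leading 0x00 is added when the top bit is set."""
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128 groups, least significant first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))    # emitted most significant group first
    return der_tlv(0x06, bytes(body))


def der_read_tlv(data, offset=0):
    """Return (tag, body, next_offset) for the element starting at offset."""
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:                   # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    return tag, data[offset:offset + length], offset + length


def der_decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                # last group of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


# --- the policy check ---

def check_rsa_cert_params(sig_alg_der, rsa_pubkey_der):
    """Evaluate signature hash and RSA modulus size against the quoted requirements."""
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY OPTIONAL }
    tag, alg_body, _ = der_read_tlv(sig_alg_der)
    oid_tag, oid_body, _ = der_read_tlv(alg_body)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE starting with an OID")
    hash_name = OID_SIG_HASH.get(der_decode_oid(oid_body), "unknown")

    # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
    tag, key_body, _ = der_read_tlv(rsa_pubkey_der)
    int_tag, mod_body, _ = der_read_tlv(key_body)
    if tag != 0x30 or int_tag != 0x02:
        raise ValueError("expected RSAPublicKey SEQUENCE starting with an INTEGER")
    modulus_bits = int.from_bytes(mod_body, "big").bit_length()

    violations = []
    if hash_name in FORBIDDEN_HASHES:
        violations.append(f"MUST NOT: certificate signed with {hash_name}")
    elif hash_name not in ACCEPTED_HASHES:
        violations.append("signature algorithm not recognised; review manually")
    if modulus_bits < MIN_RSA_MODULUS_BITS:
        violations.append(f"MUST NOT: RSA modulus is {modulus_bits} bits (minimum {MIN_RSA_MODULUS_BITS})")
    return {"hash": hash_name, "modulus_bits": modulus_bits, "violations": violations}


# --- constructed sample input (placeholder moduli, not real keys) ---
RSA_NULL_PARAMS = b"\x05\x00"  # NULL parameters, as RSA AlgorithmIdentifiers carry

SAMPLE_OK = (
    der_tlv(0x30, der_oid("1.2.840.113549.1.1.11") + RSA_NULL_PARAMS),  # sha256WithRSAEncryption
    der_tlv(0x30, der_integer((1 << 2047) | 1) + der_integer(65537)),   # 2048-bit modulus
)
SAMPLE_BAD = (
    der_tlv(0x30, der_oid("1.2.840.113549.1.1.5") + RSA_NULL_PARAMS),   # sha1WithRSAEncryption
    der_tlv(0x30, der_integer((1 << 1023) | 1) + der_integer(65537)),   # 1024-bit modulus
)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_rsa_cert_params(*sample))
```

With a real certificate, any X.509 library supplies the two inputs; with the `cryptography` package, for instance, `cert.signature_algorithm_oid` gives the OID directly and `cert.public_key().public_bytes(Encoding.DER, PublicFormat.PKCS1)` yields the RSAPublicKey bytes. Note that the hash check looks at the algorithm used to sign the certificate, which is the CA's choice, while the modulus check looks at the server's own key; a finding on the first is fixed by reissuing, a finding on the second by generating a new key.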


