
From nobody Thu Apr 14 15:40:44 2016
Return-Path: <ietf-secretariat@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F4FD12E081; Thu, 14 Apr 2016 15:40:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Secretariat <ietf-secretariat@ietf.org>
To: "IETF Announcement List" <ietf-announce@ietf.org>
Cc: sean@sn3rd.com, ynir.ietf@gmail.com, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.19.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160414224040.6828.39709.idtracker@ietfa.amsl.com>
Date: Thu, 14 Apr 2016 15:40:40 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/ApB1Dt7f5mZq_VhEKELCwb8d85E>
Subject: [Spasm] New Non-WG Mailing List: Spasm -- This is a venue for discussion of doing Some Pkix And SMime (spasm) work.
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: ietf@ietf.org
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 22:40:40 -0000

List address: spasm@ietf.org
Archive: https://mailarchive.ietf.org/arch/search/?email_list=spasm
To subscribe: https://www.ietf.org/mailman/listinfo/spasm

Purpose:

A number of extensions to work previously done in PKIX and SMIME have been proposed. The spasm list is a venue for discussion doing Some Pkix And SMime work and may lead to chartering a working group for these items. The intent is that items that can be adopted by the putative working group will be: a) sane b) very likely to be implemented and c) have a reasonable likelihood of being deployed, to the extent we can tell. The putative working group would likely have a quite constrained initial charter (specific to a small number of drafts meeting the above criteria) and would need to re-charter before taking on any new work items.

For additional information, please contact the list administrators.


From nobody Fri Apr 15 07:16:11 2016
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
To: spasm@ietf.org
Message-ID: <5710F7A0.8020108@cs.tcd.ie>
Date: Fri, 15 Apr 2016 15:16:00 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000202080706020507030104"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/0s_Z2Gs56IIFFCjXFg2-UsyY-gg>
Subject: [Spasm] side meeting at IETF95 on possible PKIX/SMIME work (and new spasm list)

This is a cryptographically signed message in MIME format.

--------------ms000202080706020507030104
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hiya,

About 10 of us who were at IETF95 had a side meeting to continue
the recent discussion about potential work items that would have
been handled in the PKIX and SMIME working groups before those
closed. A number of such work items in this space have recently
been proposed on the PKIX and SMIME mailing lists.

In the discussion we concluded that it might be a good plan to
try charter a WG to (initially) handle a small number of these
tasks. We also recognised that there is a bit of a history in
this space of people proposing work that doesn't end up being
implemented and deployed (and I'm as guilty of that as anyone;-)
so we wanted to not do that this time around.

To that end I said that I'd be happy to help with seeing if we
have consensus to charter a working group to tackle a smallish
list of specific work items where:

- the proposal is sane
- we're pretty confident the proposal will be implemented in a
  real way (not a toy, but doesn't have to be on every phone)
- to the extent we can, we think there's a good chance that the
  proposal will be deployed
- each proposal has an I-D already published that is called out
  in the charter as the starting point for the work

If we start that WG and if it turns out to do good work well and
in a timely fashion then I'd guess that it could be re-chartered
to add additional items that meet the above criteria.

We also figured that a new list (spasm [1]) would be a better way
to handle this as it crosses two previous lists (which will
remain open) with much broader topics.

Russ Housley, Stefan Santesson and Wei Chuang have agreed to try
to craft charter text for that so they'll send that to the spasm
list [1] in a few days once folks have had a chance to sign up.
So please hold off discussion of this for a few days and then
continue the discussion on the spasm list.

Cheers,
S.

[1]  https://www.ietf.org/mailman/listinfo/spasm



--------------ms000202080706020507030104--


From nobody Wed Apr 20 06:16:40 2016
References: <5707CA2B.4060603@openca.org>
To: spasm@ietf.org
From: "Dr. Pala" <director@openca.org>
Organization: OpenCA Labs
X-Forwarded-Message-Id: <5707CA2B.4060603@openca.org>
Message-ID: <57178131.5040500@openca.org>
Date: Wed, 20 Apr 2016 09:16:33 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <5707CA2B.4060603@openca.org>
Content-Type: multipart/alternative; boundary="------------000104040705070908070107"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/53RSJBXO_2S2GQL93JYVJCSnkvM>
Subject: [Spasm] Fwd: spasm work item

This is a multi-part message in MIME format.
--------------000104040705070908070107
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

Hi all,

as Stephen requested, after waiting for some time, here's a work item I 
would like to propose for the WG. It is a simple item that is aimed at 
providing a new transport protocol for OCSP responses: DNS 
(automatically cached and distributed).

Cheers,
Max

-------- Forwarded Message --------
Subject: 	spasm work item
Date: 	Fri, 8 Apr 2016 12:11:39 -0300
From: 	Dr. Pala <director@openca.org>
Organization: 	OpenCA Labs
To: 	pkix@ietf.org <pkix@ietf.org>



Hi all,

as suggested by Wei - and as discussed with Stephen, I just want to 
propose a possible short-term work item about publishing OCSP responses 
in DNS RR. This should be a short work item as we do not change any 
format for the revocation information.

Here's the reference to the I-D:

  * https://datatracker.ietf.org/doc/draft-pala-odin/

For a longer term work item (if the SPASM WG will succeed in the 
short-term agenda), I would like to propose revising the OCSP format to 
allow for more compact per-certificate revocation information to be 
available to client (sort of Lightweight Revocation Tokens).

Cheers,
Max




--------------000104040705070908070107--


From nobody Wed Apr 20 07:44:59 2016
To: spasm@ietf.org
From: Eliot Lear <lear@cisco.com>
Message-ID: <571795E5.6080008@cisco.com>
Date: Wed, 20 Apr 2016 16:44:53 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LL9LDHmStPSj5JqierIHQmiPbqVmMiqo5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/L3fb_wcp6fBFc8vm47ECgUmsrrE>
Subject: [Spasm] proposed work item

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--LL9LDHmStPSj5JqierIHQmiPbqVmMiqo5
Content-Type: multipart/mixed; boundary="KdRejXs9JGFasSs3T24aiCoOH93LO0fmk"
From: Eliot Lear <lear@cisco.com>
To: spasm@ietf.org
Message-ID: <571795E5.6080008@cisco.com>
Subject: proposed work item

--KdRejXs9JGFasSs3T24aiCoOH93LO0fmk
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi everyone,

At least for the moment, I'd like to propose a work item that was listed
in Stephen's original note, I believe, which is
draft-lear-ietf-pkix-mud-extension.  I say, “at least for the moment”
because we may want to consolidate MUD work elsewhere later.  I think
the ADs will want to talk about that at some point.

Eliot


--KdRejXs9JGFasSs3T24aiCoOH93LO0fmk--

--LL9LDHmStPSj5JqierIHQmiPbqVmMiqo5--


From nobody Wed Apr 20 08:01:06 2016
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <571795E5.6080008@cisco.com>
Date: Wed, 20 Apr 2016 11:00:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3813FE06-6528-4777-B532-89754072DA61@vigilsec.com>
References: <571795E5.6080008@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/2e_ERfQRlVnRy4gsambv1aA1x7k>
Cc: spasm@ietf.org
Subject: Re: [Spasm] proposed work item

Eliot:

I skimmed this draft.  How much adoption has there been of IEEE 802.1AR?
Given the criteria that Stephen outlined for this group charter, that
answer to that question will determine whether it makes it into the
first round of the charter.

Russ


On Apr 20, 2016, at 10:44 AM, Eliot Lear <lear@cisco.com> wrote:

> Hi everyone,
>
> At least for the moment, I'd like to propose a work item that was listed
> in Stephen's original note, I believe, which is
> draft-lear-ietf-pkix-mud-extension.  I say, “at least for the moment”
> because we may want to consolidate MUD work elsewhere later.  I think
> the ADs will want to talk about that at some point.
>
> Eliot


From nobody Wed Apr 20 08:09:05 2016
To: Russ Housley <housley@vigilsec.com>
References: <571795E5.6080008@cisco.com> <3813FE06-6528-4777-B532-89754072DA61@vigilsec.com>
From: Eliot Lear <lear@cisco.com>
Message-ID: <57179B79.90608@cisco.com>
Date: Wed, 20 Apr 2016 17:08:41 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <3813FE06-6528-4777-B532-89754072DA61@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="8WC3lpQpWw4IgvKgN4j9BVX2woEHFhheF"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/eGWdNCbOBiN5C4tpGLXhroj79DE>
Cc: spasm@ietf.org
Subject: Re: [Spasm] proposed work item

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--8WC3lpQpWw4IgvKgN4j9BVX2woEHFhheF
Content-Type: multipart/mixed; boundary="vSopBMkkwggMnAwwr7NpMlmRk6C7aoH9i"
From: Eliot Lear <lear@cisco.com>
To: Russ Housley <housley@vigilsec.com>
Cc: spasm@ietf.org
Message-ID: <57179B79.90608@cisco.com>
Subject: Re: [Spasm] proposed work item
References: <571795E5.6080008@cisco.com>
 <3813FE06-6528-4777-B532-89754072DA61@vigilsec.com>
In-Reply-To: <3813FE06-6528-4777-B532-89754072DA61@vigilsec.com>

--vSopBMkkwggMnAwwr7NpMlmRk6C7aoH9i
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

802.1AR is currently the basis of ANIMA WG work, and it is out there.
There was also interest in this work expressed at OPSAWG.  The question
is simply where to land it.  I would prefer to have eyes on the work who
know something about RFC 5280 and friends.

On 4/20/16 5:00 PM, Russ Housley wrote:
> Eliot:
>
> I skimmed this draft.  How much adoption has there been of IEEE 802.1AR?
> Given the criteria that Stephen outlined for this group charter, that
> answer to that question will determine whether it makes it into the first
> round of the charter.
>
> Russ
>
>
> On Apr 20, 2016, at 10:44 AM, Eliot Lear <lear@cisco.com> wrote:
>
>> Hi everyone,
>>
>> At least for the moment, I'd like to propose a work item that was listed
>> in Stephen's original note, I believe, which is
>> draft-lear-ietf-pkix-mud-extension.  I say, “at least for the moment”
>> because we may want to consolidate MUD work elsewhere later.  I think
>> the ADs will want to talk about that at some point.
>>
>> Eliot
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>



--vSopBMkkwggMnAwwr7NpMlmRk6C7aoH9i--

--8WC3lpQpWw4IgvKgN4j9BVX2woEHFhheF--


From nobody Wed Apr 20 10:51:25 2016
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
Date: Wed, 20 Apr 2016 13:51:10 -0400
To: spasm@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/m9VZOS1OoF-uvd3WP0pY_LN4RRk>
Subject: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 17:51:24 -0000

This does not include the two things proposed by Eliot or Max earlier today.

Russ

= = = = = = =

The PKIX and S/MIME Working Groups have been closed for some time.  Some
updates are need to the X.509 certificate documents produced by the PKIX
Working Group and the electronic mail security documents produced by the
S/MIME Working Group.

The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
updates where there is a known constituency and there is a at least one
known approach to the update.  The current charter included updates to
satisfy the following needs:

1. Specify the way to include an i18n email address as a subject
   alternative name and an issuer alternative name.

2. Specify the processing for the Extended Key Usage certificate
   extension when it appears in the certificate of an intermediate
   certification authority.

3. Specify the way to use authenticated encryption in S/MIME.

In addition, the SPASM Working Group may investigate other updates to
the documents produced by the PKIX and S/MIME Working Groups, but the
SPASM Working Group shall not adopt any of these potential work items
without rechartering.


From nobody Wed Apr 20 11:28:28 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C406F12DEC8 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 11:28:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level: 
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lbNVuDwf2uox for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 11:28:21 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D1BC12DC5B for <spasm@ietf.org>; Wed, 20 Apr 2016 11:28:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B93B0BE56; Wed, 20 Apr 2016 19:28:18 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evBNxsgTF8Dd; Wed, 20 Apr 2016 19:28:17 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.28.69]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A7AC1BE54; Wed, 20 Apr 2016 19:28:16 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461176897; bh=dSaWT0DfCTTUd1pozWgRtzsgFETBqnQF/CsChFttJK4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=GELnoDCEmeZwj7DAjW4NsrOkwGObdYmcAlpNdbNWTqbWe88s5lXgxGdVmoZ5cFirA pvcSOgVaVbWBijhahukUPozuxgThEX8LuUe5PCZ3a4WFVNjZAWVf6d7cN0eidUn8Yy 1cItJFdvm8sLyn97MOXkLO2cN57VP+g1z+Htzxvs=
To: Russ Housley <housley@vigilsec.com>, spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5717CA40.2030208@cs.tcd.ie>
Date: Wed, 20 Apr 2016 19:28:16 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060702050009070800060803"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/uwi6sV82eZxPQqYB0RkQ9I_L8K4>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 18:28:26 -0000

This is a cryptographically signed message in MIME format.

--------------ms060702050009070800060803
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Thanks Russ,

I'd love to see folks' comments on this proposed charter, incl.
discussion of whether that list of 3 things are what we think
are the most likely to get done, implemented and deployed. Do
argue for thing-X to replace one of those below if that's what
you want to argue for. Do argue that the above list is correct
if you think that. And please note that a factor for me is
whether or not it seems that people are or are not willing to
help review and comment on others' work and are not just pushing
their own (i.e. whether this discussion looks like a WG discussion
or not).

My own comments are included below.

Cheers,
S.

On 20/04/16 18:51, Russ Housley wrote:
> This does not include the two things proposed by Eliot or Max earlier today.
>
> Russ
>
> = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are need to the X.509 certificate documents produced by the PKIX

s/need/needed/ or s/need/being proposed/

> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
>
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is a at least one
> known approach to the update.

I think it'd be better to name the specific draft(s) that would
aim to be the starting points for the WG's work in the charter.

> The current charter included updates to

s/included/includes/

> satisfy the following needs:
>
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
>
> 2. Specify the processing for the Extended Key Usage certificate
>    extension when it appears in the certificate of an intermediate
>    certification authority.
>
> 3. Specify the way to use authenticated encryption in S/MIME.
>
> In addition, the SPASM Working Group may investigate other updates to
> the documents produced by the PKIX and S/MIME Working Groups, but the
> SPASM Working Group shall not adopt any of these potential work items
> without rechartering.

I'd suggest adding to that something like:

"No such re-chartering is envisaged until one or more of the above work
items have been successfully delivered to the RFC editor queue."

I'm not much fussed which stage in the process beyond the WG we choose
as the success criterion but IESG approval and delivery to the RFC
editor queue seems best to me. Main thing is to try to encourage those
wanting thing N+1 to be added to the charter to help with thing M
for M<=N.





--------------ms060702050009070800060803
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--------------ms060702050009070800060803--


From nobody Wed Apr 20 12:08:37 2016
Return-Path: <lear@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2F9E12E3CB for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:08:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.517
X-Spam-Level: 
X-Spam-Status: No, score=-15.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eOyriAjmcNya for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:08:34 -0700 (PDT)
Received: from aer-iport-4.cisco.com (aer-iport-4.cisco.com [173.38.203.54]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEFDA12E3A2 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:08:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3142; q=dns/txt; s=iport; t=1461179313; x=1462388913; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=AKm2Ldu3KcfDu/xG5JDoZO0juN4mAasbNv0crvu5mUo=; b=TEjXU4tACo67aKdDhJa+d0eobnkWYzQR6zQmiTk3BLoML67RF+KVy4D6 00Q5X2Azy+3c6ne9xotpvQcip4AvfqVFx+ujAtmfbGqG2Sl6nC0vVZtbl mgQA/pz2sk2AgAgZdGEmizKxY6Sm1SMEe8OwKQHLz3VR9GLyFZOA6D6rl g=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CsBAC30hdX/xbLJq1ehAx9u3AXC4VsA?= =?us-ascii?q?oIZAQEBAQEBZieEQgEBBAEBASBLChELGAkWCwICCQMCAQIBFTAGAQwGAgEBiCY?= =?us-ascii?q?OrUuRDgEBAQEBAQEBAQEBAQEBAQEBARAEBIpshA8QAgEBgxyCVgEEjVOKPIMog?= =?us-ascii?q?WaJBoFmhE2DBoVXhiOJCmKDajowiEcBAQE?=
X-IronPort-AV: E=Sophos;i="5.24,510,1454976000";  d="asc'?scan'208";a="637094111"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Apr 2016 19:08:31 +0000
Received: from [10.61.111.132] (dhcp-10-61-111-132.cisco.com [10.61.111.132]) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id u3KJ8U7E006727;  Wed, 20 Apr 2016 19:08:31 GMT
To: Russ Housley <housley@vigilsec.com>, spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
From: Eliot Lear <lear@cisco.com>
Message-ID: <5717D3AE.5060809@cisco.com>
Date: Wed, 20 Apr 2016 21:08:30 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XBUaQEKCDXuu2AHbhhIbhMDc3wL4ilqts"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/nDaDYm41BQFx3yZFs-BJ73Bp9z0>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:08:36 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--XBUaQEKCDXuu2AHbhhIbhMDc3wL4ilqts
Content-Type: multipart/mixed; boundary="9FcEwhuPHXfWjdTLhK9JP2c0kF2CbDdoI"
From: Eliot Lear <lear@cisco.com>
To: Russ Housley <housley@vigilsec.com>, spasm@ietf.org
Message-ID: <5717D3AE.5060809@cisco.com>
Subject: Re: [Spasm] DRAFT charter text
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
In-Reply-To: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>

--9FcEwhuPHXfWjdTLhK9JP2c0kF2CbDdoI
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi Russ,

Please do add the both in.  Good chance your power meter, for instance,
has an 802.1AR certificate.  There are other systems out there that use
them as well.  But there are some gates to deployment and some of this
work is meant to address those gates.

Thanks,

Eliot


On 4/20/16 7:51 PM, Russ Housley wrote:
> This does not include the two things proposed by Eliot or Max earlier today.
>
> Russ
>
> = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are need to the X.509 certificate documents produced by the PKIX
> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
>
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is a at least one
> known approach to the update.  The current charter included updates to
> satisfy the following needs:
>
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
>
> 2. Specify the processing for the Extended Key Usage certificate
>    extension when it appears in the certificate of an intermediate
>    certification authority.
>
> 3. Specify the way to use authenticated encryption in S/MIME.
>
> In addition, the SPASM Working Group may investigate other updates to
> the documents produced by the PKIX and S/MIME Working Groups, but the
> SPASM Working Group shall not adopt any of these potential work items
> without rechartering.
>



--9FcEwhuPHXfWjdTLhK9JP2c0kF2CbDdoI--

--XBUaQEKCDXuu2AHbhhIbhMDc3wL4ilqts
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--XBUaQEKCDXuu2AHbhhIbhMDc3wL4ilqts--


From nobody Wed Apr 20 12:20:49 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC86412E344 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:20:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kBTlf2WR9Oma for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:20:35 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 6A58412DCFE for <spasm@ietf.org>; Wed, 20 Apr 2016 12:20:34 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id C0598F2402A; Wed, 20 Apr 2016 15:20:33 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id sok-LMwFByC1; Wed, 20 Apr 2016 15:04:54 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 36DA19A4001; Wed, 20 Apr 2016 15:20:22 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <5717D3AE.5060809@cisco.com>
Date: Wed, 20 Apr 2016 15:20:21 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BE9AB59E-4528-4D55-82A0-EC2213509B24@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/LPM9O-6RXC3W4MK69miGJVqXaJc>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:20:42 -0000

Eliot:

Stephen asked the drafting team to limit the number of items to 3.

I think you will need to argue that MUD is a bigger need than the second item.

Russ


On Apr 20, 2016, at 3:08 PM, Eliot Lear <lear@cisco.com> wrote:

> Hi Russ,
>
> Please do add the both in.  Good chance your power meter, for instance,
> has an 802.1AR certificate.  There are other systems out there that use
> them as well.  But there are some gates to deployment and some of this
> work is meant to address those gates.
>
> Thanks,
>
> Eliot
>
>
> On 4/20/16 7:51 PM, Russ Housley wrote:
>> This does not include the two things proposed by Eliot or Max earlier today.
>>
>> Russ
>>
>> = = = = = = =
>>
>> The PKIX and S/MIME Working Groups have been closed for some time.  Some
>> updates are need to the X.509 certificate documents produced by the PKIX
>> Working Group and the electronic mail security documents produced by the
>> S/MIME Working Group.
>>
>> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
>> updates where there is a known constituency and there is a at least one
>> known approach to the update.  The current charter included updates to
>> satisfy the following needs:
>>
>> 1. Specify the way to include an i18n email address as a subject
>>   alternative name and an issuer alternative name.
>>
>> 2. Specify the processing for the Extended Key Usage certificate
>>   extension when it appears in the certificate of an intermediate
>>   certification authority.
>>
>> 3. Specify the way to use authenticated encryption in S/MIME.
>>
>> In addition, the SPASM Working Group may investigate other updates to
>> the documents produced by the PKIX and S/MIME Working Groups, but the
>> SPASM Working Group shall not adopt any of these potential work items
>> without rechartering.
>>


From nobody Wed Apr 20 12:21:18 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D256D12E152 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:21:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level: 
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUcBVbmAGJE6 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:21:14 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6195912E287 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:21:14 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 34A9BBE35; Wed, 20 Apr 2016 20:21:13 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2McGykzzeOV; Wed, 20 Apr 2016 20:21:12 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.28.69]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 91DE2BE25; Wed, 20 Apr 2016 20:21:11 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461180072; bh=XwdiDfbFwh4VOQROWGB/+nr6/3x1uySSeRcB3uvynbA=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=J6Lfyw/V/+Ew3gg7jeQu6Rben8PdlJuqP1zVaUdaKji+p+MRLfwIhUKHj8Z5+aWjM zBDMx7txW6PpfR2OfkVvELORd4qCzHZhLNNOE3snpyAE7Ek65hFGitSkjsvWJrh67l Yuaw52gMrzPhxqsGBzdu9TWnHU9iXH/EWUfGxcAc=
To: spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5717D6A6.7070406@cs.tcd.ie>
Date: Wed, 20 Apr 2016 20:21:10 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <5717D3AE.5060809@cisco.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OdLF05lDC05BpeXXt2EXc1HMUVGNkxXxt"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/XmL2sZoqecujbXwOZoXltAmUO8E>
Cc: Russ Housley <housley@vigilsec.com>, Eliot Lear <lear@cisco.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:21:17 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OdLF05lDC05BpeXXt2EXc1HMUVGNkxXxt
Content-Type: multipart/mixed; boundary="u3iaqUN4SX4slFeIedOAgMDNUcl72XBuH"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: spasm@ietf.org
Cc: Eliot Lear <lear@cisco.com>, Russ Housley <housley@vigilsec.com>
Message-ID: <5717D6A6.7070406@cs.tcd.ie>
Subject: Re: [Spasm] DRAFT charter text
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
 <5717D3AE.5060809@cisco.com>
In-Reply-To: <5717D3AE.5060809@cisco.com>

--u3iaqUN4SX4slFeIedOAgMDNUcl72XBuH
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable



On 20/04/16 20:08, Eliot Lear wrote:
>
> Please do add the both in.

FWIW, I am far more likely to want to support a charter that
is very limited, rather than one that is inclusive, so just
adding in work items is not a way to help get a WG chartered.

I'd *really* like to see folks arguing about the relative
merits and priorities of the proposed work items and not just
trying to get their fav things included. If only or mostly the
latter kind of discussion ensues, I will lack confidence that
we have a tractable WG and folks will end up back trying to
find AD sponsorship for work items, which does not scale.
(And there are often some slam-dunk things for AD sponsorship
that clearly do need to get done and clearly don't justify a
WG.)

Note that I'm not picking on Eliot here - the same applies
to all of the proposed work items (incl. those in Russ' list)
and to discussion thereof. And to the overall level of energy
visible on this list. I am very willing to help charter a WG
that will act like one and do needed work.

Cheers,
S.



--u3iaqUN4SX4slFeIedOAgMDNUcl72XBuH--

--OdLF05lDC05BpeXXt2EXc1HMUVGNkxXxt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--OdLF05lDC05BpeXXt2EXc1HMUVGNkxXxt--


From nobody Wed Apr 20 12:24:07 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFB9912E145 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:24:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level: 
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YHwtw9D0C3rF for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:24:01 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 081A112E317 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:24:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C1A3EBE35; Wed, 20 Apr 2016 20:23:59 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s70Wj5m6fqXn; Wed, 20 Apr 2016 20:23:57 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.28.69]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id E6C43BE2F; Wed, 20 Apr 2016 20:23:56 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461180237; bh=V/3kT1Ag3EHxDXMZcP54p7pF626Yfp6vRPcUxY5BBUs=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=KT1o0S9n/FN19NI2KqzqnX+ZjjdmEM85uJ0YpJP0VwCC3nO8ivcHeKxkZtg6w0gGP jByWuzVhl/IrwuliSxOyoUpI5T9qeezgs/OemEe8VCjbBxkBL3ZnSulOo4K6Gp4JrY j/tC+hIrZshi7teyT3OahuLfKWooer/C9hoW6iOY=
To: Russ Housley <housley@vigilsec.com>, Eliot Lear <lear@cisco.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com> <BE9AB59E-4528-4D55-82A0-EC2213509B24@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5717D74C.7060603@cs.tcd.ie>
Date: Wed, 20 Apr 2016 20:23:56 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <BE9AB59E-4528-4D55-82A0-EC2213509B24@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090000020402020803070605"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/EcbqKbjxJHIFCI-b6YUBoDU2DtY>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:24:06 -0000

This is a cryptographically signed message in MIME format.

--------------ms090000020402020803070605
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable



On 20/04/16 20:20, Russ Housley wrote:
> Eliot:
>
> Stephen asked the drafting team to limit the number of items to 3

3 is a good number from which to start the discussion. I'm not trying
to make that a fixed rule though, but starting with a small list of
stuff for which we're confident of success would be a good plan IMO.

Cheers,
S.

>
> I think you will need to argue that MUD is a bigger need than the second item.
>
> Russ
>
>
> On Apr 20, 2016, at 3:08 PM, Eliot Lear <lear@cisco.com> wrote:
>
>> Hi Russ,
>>
>> Please do add the both in.  Good chance your power meter, for instance,
>> has an 802.1AR certificate.  There are other systems out there that use
>> them as well.  But there are some gates to deployment and some of this
>> work is meant to address those gates.
>>
>> Thanks,
>>
>> Eliot
>>
>>
>> On 4/20/16 7:51 PM, Russ Housley wrote:
>>> This does not include the two things proposed by Eliot or Max earlier today.
>>>
>>> Russ
>>>
>>> = = = = = = =
>>>
>>> The PKIX and S/MIME Working Groups have been closed for some time.  Some
>>> updates are needed to the X.509 certificate documents produced by the PKIX
>>> Working Group and the electronic mail security documents produced by the
>>> S/MIME Working Group.
>>>
>>> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
>>> updates where there is a known constituency and there is at least one
>>> known approach to the update.  The current charter included updates to
>>> satisfy the following needs:
>>>
>>> 1. Specify the way to include an i18n email address as a subject
>>>   alternative name and an issuer alternative name.
>>>
>>> 2. Specify the processing for the Extended Key Usage certificate
>>>   extension when it appears in the certificate of an intermediate
>>>   certification authority.
>>>
>>> 3. Specify the way to use authenticated encryption in S/MIME.
>>>
>>> In addition, the SPASM Working Group may investigate other updates to
>>> the documents produced by the PKIX and S/MIME Working Groups, but the
>>> SPASM Working Group shall not adopt any of these potential work items
>>> without rechartering.
>>>
>>> _______________________________________________
>>> Spasm mailing list
>>> Spasm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spasm
>>
>>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>


--------------ms090000020402020803070605--


From nobody Wed Apr 20 12:28:16 2016
Return-Path: <beldmit@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D9B512E2D6 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:28:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dkOCnGzlSGmd for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:28:14 -0700 (PDT)
Received: from mail-lb0-x232.google.com (mail-lb0-x232.google.com [IPv6:2a00:1450:4010:c04::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7B8C12E041 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:28:13 -0700 (PDT)
Received: by mail-lb0-x232.google.com with SMTP id u8so15014976lbk.0 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:28:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=6/gXYeGkDCCUCkShHExYaNOWWl6fEImY0AbLIL+jCaQ=; b=s6my9nWbxAZquL1Iij86x+YiA0ZBj0nKmPWWRRoKqeHeAcX3c0YVtx8gaDXL0Oge1g xjH5x0UyXSv8q7Wg2Qo1ak4siH9kmwgbyocDBATuG0a7eh0PPZ08qaik/bZ3mrSnIV11 vMdFmR9PO+xOvT6Rt9DAxZefJAGaPRPLHdYRrB29RBO7WJwbPN5RGsva5xHewQ43xQug 8z5Xj5ucV4HaPrf3GtBJ+JoURykhS4EAawJ57V9cOdV56IurOOqaNAbs1B2DxDfgI/oy NnNzYIC2Wl1+h2PEycq8hERcHPJA6WzHa4OZwDKB45e13F9fwwTNYXIpR0KtgUbj1xuT oIMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=6/gXYeGkDCCUCkShHExYaNOWWl6fEImY0AbLIL+jCaQ=; b=enkRkenK6vYB0dEbwb1813gFM18FamNr9E5rrQsJBTGn6oV/nOeLNhy9ekZNuqg2GS NEjREXCnfqN/ZEN2JMTjlmSBbN23SoSVYkHRqcxqEz9jM9hxq04gDeYBQjG8o4qCUUck tOoWCnIeSZkRXSvcMpM5RB5fdiuYfHf0PqY9iQZvkPdMbRoaFwo2IDN0NXrZAvE0AMDw UlH1z0R5DwkWjjTmywvikDey0mCZ8M8ft09i4104tQJBigWyGFuwDYY1vzL67qPvg9My dn4ePwmojcVc3zT5Qs7/YORQylxqL1nFYy/12GpWzR7g2mFYM81m8sZPwkj8ElOt/6MI xQ8w==
X-Gm-Message-State: AOPr4FUFhWaEI2+ILZh6DRoYGLEVNswPK53CxvCcASrzVlTSDn8Jix9e7V554eDtbKV3YrQi9BGb7tztWGZXOg==
MIME-Version: 1.0
X-Received: by 10.112.167.3 with SMTP id zk3mr4415111lbb.116.1461180492182; Wed, 20 Apr 2016 12:28:12 -0700 (PDT)
Received: by 10.25.17.157 with HTTP; Wed, 20 Apr 2016 12:28:12 -0700 (PDT)
In-Reply-To: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
Date: Wed, 20 Apr 2016 22:28:12 +0300
Message-ID: <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary=001a11c264a430787b0530ef98cb
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/DjCeCydtVjxXwPeCN4tFS7x0BU8>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:28:15 -0000

--001a11c264a430787b0530ef98cb
Content-Type: text/plain; charset=UTF-8

Dear Russ,

On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com> wrote:

> This does not include the two things proposed by Eliot or Max earlier
> today.
>
> Russ
>
> = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are needed to the X.509 certificate documents produced by the PKIX
> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
>
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is at least one
> known approach to the update.  The current charter included updates to
> satisfy the following needs:
>
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
>

Is there a way to specify an i18n email address as a subject itself, not as
SAN?
If not, it is useful to add it to the point 1.

The IDN domains are used widely enough in Russia so it's an actual problem.

-- 
SY, Dmitry Belyavsky

--001a11c264a430787b0530ef98cb--


From nobody Wed Apr 20 12:53:00 2016
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B881E12D996 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.996
X-Spam-Level: 
X-Spam-Status: No, score=-2.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onmC7iT08_-y for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:52:57 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 2EFA612E4C4 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:52:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1461181976; d=isode.com; s=selector; i=@isode.com; bh=pTU05Btvvp1u2XxXNRXOd+VwcKRFktx1U0ZWPDsDcOg=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=qET5ef3UyygctevMeBCgVxWAamayrUkdQp4ItHV8ah5i8CQRIza+8etxeXzfc5MWAVUfNj qPndp74RMygN3M1j9vfwJcWx7ZDAdUpSm6IzMUjno8oCJlsnbD00ck8ycUfuD1dn9OFlbg SDbHMdAgNXrt3SXG++UNd2dSG+RP++0=;
Received: from [10.4.22.166] ((unknown) [185.69.144.242])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <VxfeFgBntKFh@waldorf.isode.com>; Wed, 20 Apr 2016 20:52:55 +0100
X-SMTP-Protocol-Errors: NORDNS PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPhone Mail (13E238)
In-Reply-To: <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com>
Date: Wed, 20 Apr 2016 20:57:18 +0100
Message-Id: <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=Apple-Mail-283FCBBA-C661-422F-A6EC-42E1A9C9360B
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/r4HYvQZXxMX3XJFJAyi01kgCNfI>
Cc: spasm@ietf.org, Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:52:59 -0000

--Apple-Mail-283FCBBA-C661-422F-A6EC-42E1A9C9360B
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi Dmitry,

> On 20 Apr 2016, at 20:28, Dmitry Belyavsky <beldmit@gmail.com> wrote:
>
> Dear Russ,
>
>> On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com> wrote:
>> This does not include the two things proposed by Eliot or Max earlier today.
>>
>> Russ
>>
>> = = = = = = =
>>
>> The PKIX and S/MIME Working Groups have been closed for some time.  Some
>> updates are needed to the X.509 certificate documents produced by the PKIX
>> Working Group and the electronic mail security documents produced by the
>> S/MIME Working Group.
>>
>> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
>> updates where there is a known constituency and there is at least one
>> known approach to the update.  The current charter included updates to
>> satisfy the following needs:
>>
>> 1. Specify the way to include an i18n email address as a subject
>>    alternative name and an issuer alternative name.
>
> Is there a way to specify an i18n email address as a subject itself, not as SAN?
> If not, it is useful to add it to the point 1.

Are there any situations where extensions to SAN/IAN would not be sufficient?
>
> The IDN domains are used widely enough in Russia so it's an actual problem.

Right, this item would deal with IDN domains in email addresses.

--Apple-Mail-283FCBBA-C661-422F-A6EC-42E1A9C9360B--


From nobody Wed Apr 20 12:56:48 2016
Return-Path: <beldmit@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAC6D12E3BE for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:56:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KTVf0ug1F2dw for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 12:56:45 -0700 (PDT)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0389712E3B6 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:56:45 -0700 (PDT)
Received: by mail-lf0-x231.google.com with SMTP id g184so47673222lfb.3 for <spasm@ietf.org>; Wed, 20 Apr 2016 12:56:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=PTInzK9m96wouDI61zLu3+SDMwTooLiGpfKK1RWgPjk=; b=ldZ5KPb0fv+28vGaIugFsFFbNhprH1PrA6ZxZRO8MbsmP7cfhhH45OgPF4pbRYnPBm bUqSEsLmwYd020TQGeL/g4FnJisd9tIQ3nuUbQdvJpLRJ9QKKWCrqonqPoENH557xcub T6kFZXK9nHEjl9Rt9+WvozMh19zFXhxLzQgUrnUa2mgtNjJotsNubtK9LqjbKihd2HwE HcSkqe4Kcwnuszr06UwPhfdG62B4s31jWzqdORok39zppRANVEnGx7hFI9HusotIIPBa JXlOB5/kmemCreQW+G8m/rM2S5h4AxPyUzjVUZLLuMBoPxYBhd19bkhaQ68xNWVCJ4L+ 3pFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=PTInzK9m96wouDI61zLu3+SDMwTooLiGpfKK1RWgPjk=; b=kRjARfTk/tnrk8XSiwEprsqtWQ/Iyp8iFzEfFymqI1fEoRGqlV19d+49HWPpzWnF16 5Qprgp4RGPGPMl/CO3JOTRUCxLsf6UUC31TsSZfhuZngxL7f3xP0XuebcXy4evEK4GWc eTU6Zrt6SbYraj793hpH0QGwELnYu4OEPZ1sO74oyLwFlirzBm9KcLivI5mBXqLvJaRM JqQPc/JY0r1XUAmXXLg/pHpJLDs9Nxd1cg1c8Y0crTMPYvU+5PMRqo8sNmG8ORBQdJsS aBIqLkdt+kaM7YAfF6av7LmiWaAPFvYnkMKvhG7E/TVCzKeYXuETTD5g7fYJ7c9pkND0 k5ww==
X-Gm-Message-State: AOPr4FX8xCyBvEtS6I1uUCpRh3IMZzOcZ2HM7WT2cUwJDZtVLyyT70a4RoZHdVJkI8mkVGkzWQ79fAXZ+y2pZg==
MIME-Version: 1.0
X-Received: by 10.25.18.102 with SMTP id h99mr2514241lfi.127.1461182203105; Wed, 20 Apr 2016 12:56:43 -0700 (PDT)
Received: by 10.25.17.157 with HTTP; Wed, 20 Apr 2016 12:56:43 -0700 (PDT)
In-Reply-To: <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com>
Date: Wed, 20 Apr 2016 22:56:43 +0300
Message-ID: <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary=001a113fb2ec2b1e1a0530effe08
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/rzL0lXbm6E8tLEfVnkCvCH58w1c>
Cc: spasm@ietf.org, Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 19:56:46 -0000

--001a113fb2ec2b1e1a0530effe08
Content-Type: text/plain; charset=UTF-8

Dear Alexey,

On Wed, Apr 20, 2016 at 10:57 PM, Alexey Melnikov <alexey.melnikov@isode.com
> wrote:

> Hi Dmitry,
>
> On 20 Apr 2016, at 20:28, Dmitry Belyavsky <beldmit@gmail.com> wrote:
>
> Dear Russ,
>
> On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com>
> wrote:
>
>> This does not include the two things proposed by Eliot or Max earlier
>> today.
>>
>> Russ
>>
>> = = = = = = =
>>
>> The PKIX and S/MIME Working Groups have been closed for some time.  Some
>> updates are needed to the X.509 certificate documents produced by the PKIX
>> Working Group and the electronic mail security documents produced by the
>> S/MIME Working Group.
>>
>> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
>> updates where there is a known constituency and there is at least one
>> known approach to the update.  The current charter included updates to
>> satisfy the following needs:
>>
>> 1. Specify the way to include an i18n email address as a subject
>>    alternative name and an issuer alternative name.
>>
>
> Is there a way to specify an i18n email address as a subject itself, not
> as SAN?
> If not, it is useful to add it to the point 1.
>
>
> Are there any situations where extensions to SAN/IAN would not be
> sufficient?
>

I think yes. For example the situation when the address is IDN domain is
primary.


> The IDN domains are used widely enough in Russia so it's an actual
> problem.
>
>
> Right, this item would deal with IDN domains in email addresses.
>
>
If I understand correctly, there are different encodings for the left part
(before '@') and for the domain name (IDNA).


-- 
SY, Dmitry Belyavsky

--001a113fb2ec2b1e1a0530effe08--
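
The split raised in the message above (IDNA for the domain, a separate question for the part before '@') can be checked mechanically. The following is an added example, not part of the thread or of any draft; the helper name `check_ia5_fit` is hypothetical, the sample addresses are constructed, and it assumes Python's built-in IDNA 2003 codec.

```python
"""Added example: which parts of an i18n e-mail address fit in an IA5String field."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Ia5Check:
    local_part: str
    domain_alabel: Optional[str]  # ASCII (A-label) form of the domain, if encodable
    local_is_ascii: bool
    ia5_address: Optional[str]    # form usable in an IA5String field, else None


def check_ia5_fit(address: str) -> Ia5Check:
    """Report whether an address can be carried in an IA5String (ASCII-only) field.

    RFC 5280 types both rfc822Name and the legacy emailAddress attribute
    as IA5String, so only an all-ASCII form of the address can be stored.
    """
    # Split at the last '@': a domain never contains '@', a local part may.
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox: {address!r}")

    # Domain: IDNA maps every non-ASCII label to an ASCII A-label ("xn--...").
    try:
        alabel = domain.encode("idna").decode("ascii")
    except UnicodeError:
        alabel = None  # empty or over-long label, or disallowed code point

    # Local part: IDNA does not apply here; it is ASCII already or it is not.
    local_is_ascii = local.isascii()

    ia5 = f"{local}@{alabel}" if (local_is_ascii and alabel) else None
    return Ia5Check(local, alabel, local_is_ascii, ia5)


# Constructed sample addresses (not taken from the thread).
SAMPLES = [
    "subscriber@example.com",  # plain ASCII
    "info@пример.рф",          # ASCII local part, IDN domain
    "почта@пример.рф",         # non-ASCII local part, IDN domain
]


def report(addresses: List[str]) -> List[str]:
    """One human-readable line per address."""
    lines = []
    for addr in addresses:
        r = check_ia5_fit(addr)
        if r.ia5_address:
            lines.append(f"{addr}: fits IA5String as {r.ia5_address}")
        else:
            lines.append(f"{addr}: no IA5String form (local part is not ASCII)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLES)))
```

Only the third sample has no ASCII form: the domain converts, the local part does not.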


From nobody Wed Apr 20 13:02:25 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 043F312E322 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level: 
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEJqq1LQ9LoZ for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:02:21 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 3420012E297 for <spasm@ietf.org>; Wed, 20 Apr 2016 13:02:21 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id F34B4F2402A; Wed, 20 Apr 2016 16:02:20 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id OKwaTs2hV2Ce; Wed, 20 Apr 2016 15:46:42 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id DC1849A4001; Wed, 20 Apr 2016 16:02:09 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_3E0F7987-6F66-4A7D-92C9-BF6690C937BE"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com>
Date: Wed, 20 Apr 2016 16:02:08 -0400
Message-Id: <B0D54376-4DF8-4CEC-AE16-0761272E7577@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/_JhRWAX9HrMtuTkyQK_f1IQtHI8>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 20:02:23 -0000

--Apple-Mail=_3E0F7987-6F66-4A7D-92C9-BF6690C937BE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


On Apr 20, 2016, at 3:28 PM, Dmitry Belyavsky <beldmit@gmail.com> wrote:

> Dear Russ,
>
> On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com> wrote:
> This does not include the two things proposed by Eliot or Max earlier today.
>
> Russ
>
> = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are needed to the X.509 certificate documents produced by the PKIX
> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
>
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is at least one
> known approach to the update.  The current charter included updates to
> satisfy the following needs:
>
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
>
> Is there a way to specify an i18n email address as a subject itself, not as SAN?
> If not, it is useful to add it to the point 1.
>
> The IDN domains are used widely enough in Russia so it's an actual problem.

RFC 5280 has two ways to carry an email address.

Section 4.1.2.6, about the Subject name, says:

   Legacy implementations exist where an electronic mail address is
   embedded in the subject distinguished name as an emailAddress
   attribute [RFC2985].  The attribute value for emailAddress is of type
   IA5String to permit inclusion of the character '@', which is not part
   of the PrintableString character set.  emailAddress attribute values
   are not case-sensitive (e.g., "subscriber@example.com" is the same as
   "SUBSCRIBER@EXAMPLE.COM").

   Conforming implementations generating new certificates with
   electronic mail addresses MUST use the rfc822Name in the subject
   alternative name extension (Section 4.2.1.6) to describe such
   identities.  Simultaneous inclusion of the emailAddress attribute in
   the subject distinguished name to support legacy implementations is
   deprecated but permitted.

Section 4.2.1.6, about the Subject Alternative Name, says:

   The subject alternative name extension allows identities to be bound
   to the subject of the certificate.  These identities may be included
   in addition to or in place of the identity in the subject field of
   the certificate.  Defined options include an Internet electronic mail
   address,  …

   SubjectAltName ::= GeneralNames

   GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

   GeneralName ::= CHOICE {
        otherName                       [0]     OtherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER }

   OtherName ::= SEQUENCE {
        type-id    OBJECT IDENTIFIER,
        value      [0] EXPLICIT ANY DEFINED BY type-id }

The straightforward way to handle an i18n email address is to specify an OtherName to carry it.

We know that the use of emailAddress is still widely used, but since it is an IA5String, it cannot handle an i18n email address.

Russ




--Apple-Mail=_3E0F7987-6F66-4A7D-92C9-BF6690C937BE--


From nobody Wed Apr 20 13:26:14 2016
Return-Path: <lear@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAA9D12E6B4 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:26:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.517
X-Spam-Level: 
X-Spam-Status: No, score=-15.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VxjsAG0nuPmG for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:26:06 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7EB712E634 for <spasm@ietf.org>; Wed, 20 Apr 2016 13:26:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3179; q=dns/txt; s=iport; t=1461183966; x=1462393566; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=DzRwAgYZsKUAQOyGsSVD2UeJNcsFLOxEXya5DS4ODd4=; b=L8S7c1bNJ+1Jkf4xh04lU5BZS48TBl/4zPPes1PWyQVBvIlcLovQjZAt kP07hRJ3U8plxDGcipjr/EDuQ+a9w+fhrK05RBlbYWvgzRJMBaCtnrguT KeJQ/cKPyd1tqY3kpmYMWi6BNW9YjyD19F8IEkqC/tuAYpOBSrYcOp70x A=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CpBAC75BdX/xbLJq1evGqED4YOAoIaA?= =?us-ascii?q?QEBAQEBZieEQgEBBCNVARALGAkWCwICCQMCAQIBRQYBDAgBAYgmrXqREAEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEBAQEPCIpshA8KBwGDHoJWAQSYD4MogWaJBoFmhE2DBoVXj?= =?us-ascii?q?y1ig2o6hzoJF4EdAQEB?=
X-IronPort-AV: E=Sophos;i="5.24,510,1454976000";  d="asc'?scan'208";a="635275862"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Apr 2016 20:26:03 +0000
Received: from [10.61.111.132] (dhcp-10-61-111-132.cisco.com [10.61.111.132]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id u3KKQ3Ol018485;  Wed, 20 Apr 2016 20:26:03 GMT
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com> <5717D6A6.7070406@cs.tcd.ie>
From: Eliot Lear <lear@cisco.com>
Message-ID: <5717E5DA.2070300@cisco.com>
Date: Wed, 20 Apr 2016 22:26:02 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <5717D6A6.7070406@cs.tcd.ie>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HqgJ8mi4LeeJNT6P8WlSM9e9V5OX2279p"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/IdoAYK56luER4YxYMRBNXraYcvE>
Cc: Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 20:26:10 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--HqgJ8mi4LeeJNT6P8WlSM9e9V5OX2279p
Content-Type: multipart/mixed; boundary="0AL8odTiouGanLo0wADvTUJNdhS0b0nU1"
From: Eliot Lear <lear@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, spasm@ietf.org
Cc: Russ Housley <housley@vigilsec.com>
Message-ID: <5717E5DA.2070300@cisco.com>
Subject: Re: [Spasm] DRAFT charter text
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
 <5717D3AE.5060809@cisco.com> <5717D6A6.7070406@cs.tcd.ie>
In-Reply-To: <5717D6A6.7070406@cs.tcd.ie>

--0AL8odTiouGanLo0wADvTUJNdhS0b0nU1
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Why should unrelated efforts be measured against each other?  How does
one compare the importance of auto-configuration of IoT devices to email
addressing?  An alternative approach would be that if you're truly
looking to scale, create a maintenance group, deal with the demand that
has pent up, and manage extensions based on those who are willing to do work.

But if you are going to go with your approach, I suggest you start with
candidates of all, and then pare down rather than choosing arbitrarily.

Eliot



On 4/20/16 9:21 PM, Stephen Farrell wrote:
>
> On 20/04/16 20:08, Eliot Lear wrote:
>> Please do add the both in.
> FWIW, I am far more likely to want to support a charter that
> is very limited, rather than one that is inclusive, so just
> adding in work items is not a way to help get a WG chartered.
>
> I'd *really* like to see folks arguing about the relative
> merits and priorities of the proposed work items and not just
> trying to get their fav things included. If only or mostly the
> latter kind of discussion ensues, I will lack confidence that
> we have a tractable WG and folks will end up back trying to
> find AD sponsorship for work items, which does not scale.
> (And there are often some slam-dunk things for AD sponsorship
> that clearly do need to get done and clearly don't justify a
> WG.)
>
> Note that I'm not picking on Eliot here - the same applies
> to all of the proposed work items (incl. those in Russ' list)
> and to discussion thereof. And to the overall level of energy
> visible on this list. I am very willing to help charter a WG
> that will act like one and do needed work.
>
> Cheers,
> S.
>
>



--0AL8odTiouGanLo0wADvTUJNdhS0b0nU1--

--HqgJ8mi4LeeJNT6P8WlSM9e9V5OX2279p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--HqgJ8mi4LeeJNT6P8WlSM9e9V5OX2279p--


From nobody Wed Apr 20 13:36:29 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 936CF12E8DD for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:36:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level: 
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8d0ObZbYDK3X for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 13:36:26 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 288AC12E92D for <spasm@ietf.org>; Wed, 20 Apr 2016 13:36:22 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 985E9F2402A; Wed, 20 Apr 2016 16:36:21 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id U6bJ41pKprgg; Wed, 20 Apr 2016 16:20:53 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 7788E9A4002; Wed, 20 Apr 2016 16:36:20 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_83F5C577-59BF-4EAB-BB78-4567A9B6147F"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
Date: Wed, 20 Apr 2016 16:36:19 -0400
Message-Id: <9911931C-DDE9-4733-9D3F-D486069E93F4@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Uq_qGxRKUr8Oxc6OUCUKZpTg3fQ>
Cc: spasm@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2016 20:36:28 -0000

--Apple-Mail=_83F5C577-59BF-4EAB-BB78-4567A9B6147F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Dmitry:

> Dear Alexey,
>
> On Wed, Apr 20, 2016 at 10:57 PM, Alexey Melnikov <alexey.melnikov@isode.com> wrote:
> Hi Dmitry,
>
> On 20 Apr 2016, at 20:28, Dmitry Belyavsky <beldmit@gmail.com> wrote:
>
>> Dear Russ,
>>
>> On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com> wrote:
>> This does not include the two things proposed by Eliot or Max earlier today.
>>
>> Russ
>>
>> = = = = = = =
>>
>> The PKIX and S/MIME Working Groups have been closed for some time.  Some
>> updates are needed to the X.509 certificate documents produced by the PKIX
>> Working Group and the electronic mail security documents produced by the
>> S/MIME Working Group.
>>
>> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
>> updates where there is a known constituency and there is at least one
>> known approach to the update.  The current charter included updates to
>> satisfy the following needs:
>>
>> 1. Specify the way to include an i18n email address as a subject
>>    alternative name and an issuer alternative name.
>>
>> Is there a way to specify an i18n email address as a subject itself, not as SAN?
>> If not, it is useful to add it to the point 1.
>
> Are there any situations where extensions to SAN/IAN would not be sufficient?
>
> I think yes. For example the situation when the address is IDN domain is primary.
>
>>
>> The IDN domains are used widely enough in Russia so it's an actual problem.
>
> Right, this item would deal with IDN domains in email addresses.
>
> If I understand correctly, there are different encodings for the left part (before '@') and for the domain name (IDNA).

IDNA is already handled by RFC 5280.

7.2.  Internationalized Domain Names in GeneralName

   Internationalized Domain Names (IDNs) may be included in certificates
   and CRLs in the subjectAltName and issuerAltName extensions, name
   constraints extension, authority information access extension,
   subject information access extension, CRL distribution points
   extension, and issuing distribution point extension.  Each of these
   extensions uses the GeneralName type; one choice in GeneralName is
   the dNSName field, which is defined as type IA5String.

   IA5String is limited to the set of ASCII characters.  To accommodate
   internationalized domain names in the current structure, conforming
   implementations MUST convert internationalized domain names to the
   ASCII Compatible Encoding (ACE) format as specified in Section 4 of
   RFC 3490 before storage in the dNSName field.  Specifically,
   conforming implementations MUST perform the conversion operation
   specified in Section 4 of RFC 3490, with the following
   clarifications:

      *  in step 1, the domain name SHALL be considered a "stored
         string".  That is, the AllowUnassigned flag SHALL NOT be set;

      *  in step 3, set the flag called "UseSTD3ASCIIRules";

      *  in step 4, process each label with the "ToASCII" operation; and

      *  in step 5, change all label separators to U+002E (full stop).

   When comparing DNS names for equality, conforming implementations
   MUST perform a case-insensitive exact match on the entire DNS name.
   When evaluating name constraints, conforming implementations MUST
   perform a case-insensitive exact match on a label-by-label basis.  As
   noted in Section 4.2.1.10, any DNS name that may be constructed by
   adding labels to the left-hand side of the domain name given as the
   constraint is considered to fall within the indicated subtree.

   Implementations should convert IDNs to Unicode before display.
   Specifically, conforming implementations should perform the
   conversion operation specified in Section 4 of RFC 3490, with the
   following clarifications:

      *  in step 1, the domain name SHALL be considered a "stored
         string".  That is, the AllowUnassigned flag SHALL NOT be set;

      *  in step 3, set the flag called "UseSTD3ASCIIRules";

      *  in step 4, process each label with the "ToUnicode" operation;
         and

      *  skip step 5.

   Note:  Implementations MUST allow for increased space requirements
   for IDNs.  An IDN ACE label will begin with the four additional
   characters "xn--" and may require as many as five ASCII characters to
   specify a single international character.

--Apple-Mail=_83F5C577-59BF-4EAB-BB78-4567A9B6147F--


From nobody Wed Apr 20 14:54:32 2016
Return-Path: <michael@stroeder.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D13B12D14F for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 14:54:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level: 
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IrO1QqKQXfKM for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 14:54:28 -0700 (PDT)
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6D4212D508 for <spasm@ietf.org>; Wed, 20 Apr 2016 14:54:27 -0700 (PDT)
Received: from srv4.stroeder.local (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.stroeder.local", Issuer "stroeder.com Server CA no. 2009-07" (verified OK)) by srv1.stroeder.com (Postfix) with ESMTPS id 3B29E1CED1 for <spasm@ietf.org>; Wed, 20 Apr 2016 21:54:25 +0000 (UTC)
Received: from nb2.stroeder.local (nb2.stroeder.local [10.1.1.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by srv4.stroeder.local (Postfix) with ESMTPS id 5288F1D2B6 for <spasm@ietf.org>; Wed, 20 Apr 2016 21:54:23 +0000 (UTC)
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <9911931C-DDE9-4733-9D3F-D486069E93F4@vigilsec.com>
To: spasm@ietf.org
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
Message-ID: <5717FA8E.2010904@stroeder.com>
Date: Wed, 20 Apr 2016 23:54:22 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 SeaMonkey/2.40
MIME-Version: 1.0
In-Reply-To: <9911931C-DDE9-4733-9D3F-D486069E93F4@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms080703050301050308030803"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/mumzzGrIsh5Wye59cPCuNI84bBI>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Wed, 20 Apr 2016 21:54:30 -0000

This is a cryptographically signed message in MIME format.

--------------ms080703050301050308030803
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Russ Housley wrote:
> Dmitry:
>>> The IDN domains are used widely enough in Russia so it's an actual problem.
>>
>> Right, this item would deal with IDN domains in email addresses.
>>
>> If I understand correctly, there are different encodings for the left part (before '@') and for the domain name (IDNA).
>
> IDNA is already handled by RFC 5280.

Yes, which is ok for the domain part of the e-mail address.

For the local part one would ideally like to have UTF-8 encoded e-mail address
for upcoming SMTPUTF8 extension (AFAICS not widely implemented yet).  That's why
I've defined 'intlMailAddr' in draft-stroeder-mailboxrelatedobject for LDAP.

Ciao, Michael.


--------------ms080703050301050308030803--


From nobody Wed Apr 20 15:01:02 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D785A12DA1D for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 15:00:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Er4K7AZ77UE for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 15:00:56 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 3ADFB12DE80 for <spasm@ietf.org>; Wed, 20 Apr 2016 15:00:43 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 9299AF2402A; Wed, 20 Apr 2016 18:00:42 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id DdIYopx66C6Z; Wed, 20 Apr 2016 17:45:03 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 1D7039A4001; Wed, 20 Apr 2016 18:00:31 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_430A8862-A6B9-4038-B862-3D9917DCAE6D"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <5717FA8E.2010904@stroeder.com>
Date: Wed, 20 Apr 2016 18:00:29 -0400
Message-Id: <0D05361D-A04B-4390-B770-9FCD93992C1A@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <9911931C-DDE9-4733-9D3F-D486069E93F4@vigilsec.com> <5717FA8E.2010904@stroeder.com>
To: Michael Stroeder <michael@stroeder.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/2HSs82fmGlSubYy21UcUQxUZv8k>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Wed, 20 Apr 2016 22:00:59 -0000

--Apple-Mail=_430A8862-A6B9-4038-B862-3D9917DCAE6D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-8859-1

Michael:

>> IDNA is already handled by RFC 5280.
>
> Yes, which is ok for the domain part of the e-mail address.
>
> For the local part one would ideally like to have UTF-8 encoded e-mail address
> for upcoming SMTPUTF8 extension (AFAICS not widely implemented yet).  That's why
> I've defined 'intlMailAddr' in draft-stroeder-mailboxrelatedobject for LDAP.

IDNA is handled for domainName, but we do not yet have a solution for internationalized email addresses.

That is why the proposed charter text includes:

   Specify the way to include an i18n email address as a subject
   alternative name and an issuer alternative name.

Russ

--Apple-Mail=_430A8862-A6B9-4038-B862-3D9917DCAE6D--


From nobody Wed Apr 20 15:03:29 2016
Return-Path: <michael@stroeder.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9183212E49F for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 15:03:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level: 
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id odd6oj73DJou for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 15:03:25 -0700 (PDT)
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CB7C12E44E for <spasm@ietf.org>; Wed, 20 Apr 2016 15:03:25 -0700 (PDT)
Received: from srv4.stroeder.local (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.stroeder.local", Issuer "stroeder.com Server CA no. 2009-07" (verified OK)) by srv1.stroeder.com (Postfix) with ESMTPS id 7B84B1CED1 for <spasm@ietf.org>; Wed, 20 Apr 2016 22:03:23 +0000 (UTC)
Received: from nb2.stroeder.local (nb2.stroeder.local [10.1.1.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by srv4.stroeder.local (Postfix) with ESMTPS id 7F3CF1D2B6 for <spasm@ietf.org>; Wed, 20 Apr 2016 22:03:21 +0000 (UTC)
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <9911931C-DDE9-4733-9D3F-D486069E93F4@vigilsec.com> <5717FA8E.2010904@stroeder.com> <0D05361D-A04B-4390-B770-9FCD93992C1A@vigilsec.com>
To: spasm@ietf.org
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
Message-ID: <5717FCA8.8080005@stroeder.com>
Date: Thu, 21 Apr 2016 00:03:20 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 SeaMonkey/2.40
MIME-Version: 1.0
In-Reply-To: <0D05361D-A04B-4390-B770-9FCD93992C1A@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms000504040008040708000406"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/k8t10RlljL1r45ge3h00LwouoWE>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Wed, 20 Apr 2016 22:03:27 -0000

This is a cryptographically signed message in MIME format.

--------------ms000504040008040708000406
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Russ Housley wrote:
> Michael:
>
>>> IDNA is already handled by RFC 5280.
>>
>> Yes, which is ok for the domain part of the e-mail address.
>>
>> For the local part one would ideally like to have UTF-8 encoded e-mail address
>> for upcoming SMTPUTF8 extension (AFAICS not widely implemented yet).  That's why
>> I've defined 'intlMailAddr' in draft-stroeder-mailboxrelatedobject for LDAP.
>
> IDNA is handled for domainName, but we do not yet have a solution for internationalized email addresses.
>
> That is why the proposed charter text includes:
>
>    Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.

It seems my language wasn't clear. I meant:
+1 to the above.

Ciao, Michael.



--------------ms000504040008040708000406--


From nobody Wed Apr 20 16:24:51 2016
Return-Path: <johnl@taugh.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57B2012DB00 for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 16:24:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WpGYgYicSp4I for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 16:24:49 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3054212D609 for <spasm@ietf.org>; Wed, 20 Apr 2016 16:24:49 -0700 (PDT)
Received: (qmail 79337 invoked from network); 20 Apr 2016 23:24:47 -0000
Received: from unknown (64.57.183.18) by mail1.iecc.com with QMQP; 20 Apr 2016 23:24:47 -0000
Date: 20 Apr 2016 23:24:25 -0000
Message-ID: <20160420232425.18637.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: spasm@ietf.org
In-Reply-To: <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/qFDDrlUv-lXOsiVgJRB4y6_mzM4>
Cc: alexey.melnikov@isode.com
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Wed, 20 Apr 2016 23:24:50 -0000

>Right, this item would deal with IDN domains in email addresses.

Since every IDN domain has an ASCII A-label equivalent, why is
this a problem?

I agree that EAI addresses with UTF-8 local parts need at least
a small document update.

R's,
John
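
The RFC 5280 rules quoted earlier in this thread, and the split John Levine points out between the domain (which always has an A-label form) and a UTF-8 local part (which does not fit the IA5String rfc822Name), as an added Python example that is not part of any message on the list. The function names and the example.* addresses are constructed for illustration; Python's stdlib idna codec implements RFC 3490 but does not set UseSTD3ASCIIRules, so that check is done by hand here.

```python
"""IDN handling for certificate names, following the RFC 5280 rules quoted in this thread.

Added illustration: function names are hypothetical, sample names are constructed.
"""
import re

# Letters, digits and hyphen only, no leading or trailing hyphen (STD3 host-name rule).
_LDH_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def to_a_label_domain(domain: str) -> str:
    """Return the lower-cased A-label (ACE) form of a domain, or raise ValueError."""
    try:
        # The stdlib "idna" codec runs RFC 3490 ToASCII on each label and joins
        # the labels with U+002E, whatever label separator the input used.
        ascii_domain = domain.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        raise ValueError(f"not a valid IDN: {domain!r}") from exc
    # The codec does not set UseSTD3ASCIIRules, so enforce that rule here.
    for label in ascii_domain.split("."):
        if not _LDH_LABEL.fullmatch(label):
            raise ValueError(f"label {label!r} violates STD3 rules in {domain!r}")
    return ascii_domain


def to_display(domain: str) -> str:
    """ToUnicode, for display only; store and compare the A-label form."""
    return to_a_label_domain(domain).encode("ascii").decode("idna")


def dns_names_equal(a: str, b: str) -> bool:
    """Case-insensitive exact match on the entire DNS name."""
    return to_a_label_domain(a) == to_a_label_domain(b)


def within_dns_constraint(name: str, constraint: str) -> bool:
    """Label-by-label match: the constraint's labels must equal the rightmost
    labels of the name. A plain string-suffix test is not equivalent."""
    n = to_a_label_domain(name).split(".")
    c = to_a_label_domain(constraint).split(".")
    return len(n) >= len(c) and n[len(n) - len(c):] == c


def rfc822_name_for(address: str):
    """Return the ASCII value usable as an rfc822Name, or None when the local
    part is not ASCII (the case the thread says has no encoding yet)."""
    local, at, domain = address.rpartition("@")
    if not at or not local:
        raise ValueError(f"not an addr-spec: {address!r}")
    a_domain = to_a_label_domain(domain)  # the domain part always has an A-label form
    if not local.isascii():
        return None
    return f"{local}@{a_domain}"


if __name__ == "__main__":
    # Constructed sample names.
    for addr in ("info@Bücher.example", "почта@bücher.example"):
        print(addr, "->", rfc822_name_for(addr))
    print(within_dns_constraint("mail.bücher.example", "xn--bcher-kva.example"))
    print(within_dns_constraint("notexample.com", "example.com"))
```
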


From nobody Wed Apr 20 17:37:18 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88E4D12EF4E for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 17:37:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level: 
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mDPTyVPqNDoC for <spasm@ietfa.amsl.com>; Wed, 20 Apr 2016 17:37:15 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A06E12EF47 for <spasm@ietf.org>; Wed, 20 Apr 2016 17:37:15 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C3697BE56; Thu, 21 Apr 2016 01:37:11 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wZaMpFSt1ly7; Thu, 21 Apr 2016 01:37:09 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.28.69]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 0A9DEBE3F; Thu, 21 Apr 2016 01:37:09 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461199029; bh=WXPOb3lFQfYFxp+FrwepYBuiXNWyQoSfZPusAXVm+FY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=dl/IlaGMPHgY2b3zBQMs1GuXfDpF2tQmKNOqtQ02embQvjDwIj7bwjI79wZBkQMoI W/o5vAM+llOlz8+At7pH+PBd4To+vJxezGxLu8bl+Z4sxSYSxVfUmCPyJNVQ29aVbO AP7w5MXaFzgYgUVllsGHGTgKpb/RNzXV6S+1nNAE=
To: Eliot Lear <lear@cisco.com>, spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com> <5717D6A6.7070406@cs.tcd.ie> <5717E5DA.2070300@cisco.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <571820B4.7000806@cs.tcd.ie>
Date: Thu, 21 Apr 2016 01:37:08 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <5717E5DA.2070300@cisco.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ghRv8H2Eo3xmaJKWcLIuCvUn5dVlOBMtc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Ac-6v254dwHiaYaYpLnW32KBYk4>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Thu, 21 Apr 2016 00:37:17 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ghRv8H2Eo3xmaJKWcLIuCvUn5dVlOBMtc
Content-Type: multipart/mixed; boundary="KrgfFThOehIG2diSGrCpc0TkPFNmpw4vB"
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Eliot Lear <lear@cisco.com>, spasm@ietf.org
Message-ID: <571820B4.7000806@cs.tcd.ie>
Subject: Re: [Spasm] DRAFT charter text
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
 <5717D3AE.5060809@cisco.com> <5717D6A6.7070406@cs.tcd.ie>
 <5717E5DA.2070300@cisco.com>
In-Reply-To: <5717E5DA.2070300@cisco.com>

--KrgfFThOehIG2diSGrCpc0TkPFNmpw4vB
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Hi Eliot,

On 20/04/16 21:26, Eliot Lear wrote:
> Why should unrelated efforts be measured against each other?  How does
> one compare the importance of auto-configuration of IoT devices to email
> addressing?

Energy and likelihood of implementation/deployment are factors that
are worth considering. The propensity of relevant folks (incl. me
historically, for which I apologise, now knowing a bit more maybe;-)
in this space to document things that are never really implemented or
deployed is real and worth not forgetting. And given the difficulty of
getting 5280 updates widely accepted and, more importantly, deployed,
and the tiny amount of smime in the world (relative to email), there
is a real danger that we waste folks' time here, with the best of
intentions.

> An alternative approach would be that if you're truly
> looking to scale, create a maintenance group, deal with the demand that
> has pent up, and manage extensions based on those who are willing to do work.

Arguments for/against a generic SEC area maintenance group would be
better discussed on the saag list. (Not sure if that's what you meant
though.) If you want to argue for that, please do start a thread on
saag. Previous iterations of that discussion have not seemed to
reach consensus on creating such a mechanism/WG. That said, MUD
doesn't fit that "maintenance" template, but that's ok - it may be
that folks' opinions have changed. (FWIW, I'd be opposed to such a
generic "maintain security stuff" WG on the basis that it'd likely
not have sufficient energy to do good work, and also on the basis
that such a beast would attract crap; however the arguments against
are not a slam-dunk, so the discussion is worth re-visiting from
time to time and it's been a while.)

> But if you are going to go with your approach, I suggest you start with
> candidates of all, and then pare down rather than choosing arbitrarily.

That was what I think I was proposing. But paring down based partly
on whether or not the community are interested in engaging
seems like a reasonable consideration in the chartering process.
So - please do engage and argue for your thing, but in the context of
all the other things about which folks argue here. (IOW, by all
means do defend your own proposal as worthwhile, but if that's all
that anyone does, then IMO we don't have a viable WG.)

Hope that helps,
S.

>
> Eliot
>
>
>
> On 4/20/16 9:21 PM, Stephen Farrell wrote:
>>
>> On 20/04/16 20:08, Eliot Lear wrote:
>>> Please do add the both in.
>> FWIW, I am far more likely to want to support a charter that
>> is very limited, rather than one that is inclusive, so just
>> adding in work items is not a way to help get a WG chartered.
>>
>> I'd *really* like to see folks arguing about the relative
>> merits and priorities of the proposed work items and not just
>> trying to get their fav things included. If only or mostly the
>> latter kind of discussion ensues, I will lack confidence that
>> we have a tractable WG and folks will end up back trying to
>> find AD sponsorship for work items, which does not scale.
>> (And there are often some slam-dunk things for AD sponsorship
>> that clearly do need to get done and clearly don't justify a
>> WG.)
>>
>> Note that I'm not picking on Eliot here - the same applies
>> to all of the proposed work items (incl. those in Russ' list)
>> and to discussion thereof. And to the overall level of energy
>> visible on this list. I am very willing to help charter a WG
>> that will act like one and do needed work.
>>
>> Cheers,
>> S.
>>
>>
>
>


--KrgfFThOehIG2diSGrCpc0TkPFNmpw4vB--

--ghRv8H2Eo3xmaJKWcLIuCvUn5dVlOBMtc--


From nobody Thu Apr 21 04:29:40 2016
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DC5A12DC9F for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2016 04:29:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E4dQOiRDQBuq for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2016 04:29:36 -0700 (PDT)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 922C012DA66 for <spasm@ietf.org>; Thu, 21 Apr 2016 04:29:36 -0700 (PDT)
Received: from hebrews (unknown [104.129.196.109]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 1455C2C9FE; Thu, 21 Apr 2016 04:29:32 -0700 (PDT)
From: "Jim Schaad" <ietf@augustcellars.com>
To: "'Dmitry Belyavsky'" <beldmit@gmail.com>, "'Alexey Melnikov'" <alexey.melnikov@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
In-Reply-To: <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
Date: Thu, 21 Apr 2016 06:29:27 -0500
Message-ID: <0d8101d19bc1$1443b4f0$3ccb1ed0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0D82_01D19B97.2C7531E0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHocXuev3MaRrxok5SGYHEBakT4kwIyjepuAPDmETgBzf9rW58/EufA
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/E2yUjXyAB2rbhqQW4PDAwT4azug>
Cc: spasm@ietf.org, 'Russ Housley' <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
X-List-Received-Date: Thu, 21 Apr 2016 11:29:39 -0000

This is a multipart message in MIME format.

------=_NextPart_000_0D82_01D19B97.2C7531E0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Dmitry,

Why do you feel the need to have this as a subject rather than using an empty subject and providing a SAN?  This is considered to be the correct way to do this as I remember how RFC 5280 is laid out.

Jim

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Dmitry Belyavsky
Sent: Wednesday, April 20, 2016 2:57 PM
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: spasm@ietf.org; Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text

Dear Alexey,

On Wed, Apr 20, 2016 at 10:57 PM, Alexey Melnikov <alexey.melnikov@isode.com> wrote:

Hi Dmitry,

On 20 Apr 2016, at 20:28, Dmitry Belyavsky <beldmit@gmail.com> wrote:

Dear Russ,

On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com> wrote:

This does not include the two things proposed by Eliot or Max earlier today.

Russ

= = = = = = =

The PKIX and S/MIME Working Groups have been closed for some time.  Some
updates are needed to the X.509 certificate documents produced by the PKIX
Working Group and the electronic mail security documents produced by the
S/MIME Working Group.

The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
updates where there is a known constituency and there is at least one
known approach to the update.  The current charter included updates to
satisfy the following needs:

1. Specify the way to include an i18n email address as a subject
   alternative name and an issuer alternative name.

Is there a way to specify an i18n email address as a subject itself, not as SAN?

If not, it is useful to add it to the point 1.

Are there any situations where extensions to SAN/IAN would not be sufficient?

I think yes. For example the situation when the address is IDN domain is primary.

The IDN domains are used widely enough in Russia so it's an actual problem.

Right, this item would deal with IDN domains in email addresses.

If I understand correctly, there are different encodings for the left part (before '@') and for the domain name (IDNA).

--

SY, Dmitry Belyavsky


------=_NextPart_000_0D82_01D19B97.2C7531E0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Dmitry,<o:p><=
/o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Why do you =
feel the need to have this as a subject rather than using an empty =
subject and providing a SAN.=C2=A0 This is considered to be the correct =
way to do this as I remember how RFC 5280 is laid =
out.<o:p></o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>Jim<o:p></o:p=
></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><p class=3DMsoNormal><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p>&nbsp;</=
o:p></span></p><div style=3D'border:none;border-left:solid blue =
1.5pt;padding:0in 0in 0in 4.0pt'><div><div =
style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =
0in 0in'><p class=3DMsoNormal><b><span =
style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span><=
/b><span style=3D'font-size:11.0pt;font-family:"Calibri",sans-serif'> =
Spasm [mailto:spasm-bounces@ietf.org] <b>On Behalf Of </b>Dmitry =
Belyavsky<br><b>Sent:</b> Wednesday, April 20, 2016 2:57 =
PM<br><b>To:</b> Alexey Melnikov =
&lt;alexey.melnikov@isode.com&gt;<br><b>Cc:</b> spasm@ietf.org; Russ =
Housley &lt;housley@vigilsec.com&gt;<br><b>Subject:</b> Re: [Spasm] =
DRAFT charter text<o:p></o:p></span></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>Dear =
Alexey,&nbsp;<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Wed, =
Apr 20, 2016 at 10:57 PM, Alexey Melnikov &lt;<a =
href=3D"mailto:alexey.melnikov@isode.com" =
target=3D"_blank">alexey.melnikov@isode.com</a>&gt; =
wrote:<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p =
class=3DMsoNormal>Hi Dmitry,<o:p></o:p></p></div><div><p =
class=3DMsoNormal style=3D'margin-bottom:12.0pt'><br>On 20 Apr 2016, at =
20:28, Dmitry Belyavsky &lt;<a href=3D"mailto:beldmit@gmail.com" =
target=3D"_blank">beldmit@gmail.com</a>&gt; =
wrote:<o:p></o:p></p></div><blockquote =
style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p =
class=3DMsoNormal>Dear Russ,<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><p class=3DMsoNormal>On Wed, =
Apr 20, 2016 at 8:51 PM, Russ Housley &lt;<a =
href=3D"mailto:housley@vigilsec.com" =
target=3D"_blank">housley@vigilsec.com</a>&gt; =
wrote:<o:p></o:p></p><blockquote style=3D'border:none;border-left:solid =
#CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=3DMsoNormal>This does =
not include the two things proposed by Eliot or Max earlier =
today.<br><br>Russ<br><br>=3D =3D =3D =3D =3D =3D =3D<br><br>The PKIX =
and S/MIME Working Groups have been closed for some time.&nbsp; =
Some<br>updates are need to the X.509 certificate documents produced by =
the PKIX<br>Working Group and the electronic mail security documents =
produced by the<br>S/MIME Working Group.<br><br>The Some PKIX and S/MIME =
(SPASM) Working Group is chartered to make the<br>updates where there is =
a known constituency and there is a at least one<br>known approach to =
the update.&nbsp; The current charter included updates to<br>satisfy the =
following needs:<br><br>1. Specify the way to include an i18n email =
address as a subject<br>&nbsp; &nbsp;alternative name and an issuer =
alternative name.<o:p></o:p></p></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Is there a way to specify an i18n email address as a =
subject itself, not as SAN?<o:p></o:p></p></div><div><p =
class=3DMsoNormal>If not, it is useful to add it to the point =
1.<o:p></o:p></p></div></div></div></div></div></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p class=3DMsoNormal>Are =
there any situations where extensions to SAN/IAN would not be =
sufficient.<o:p></o:p></p></div></blockquote><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p class=3DMsoNormal>I =
think yes. For example the situation when the address is IDN domain is =
primary.<o:p></o:p></p></div><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><blockquote =
style=3D'border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in =
6.0pt;margin-left:4.8pt;margin-right:0in'><div><blockquote =
style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><div><div><=
p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>The IDN domains are used widely enough in Russia so =
it's an actual =
problem.&nbsp;<o:p></o:p></p></div></div></div></div></div></blockquote><=
div><p class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p =
class=3DMsoNormal>Right, this item would deal with IDN domains in email =
addresses.<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div></blockquote><div><p =
class=3DMsoNormal>&nbsp;<o:p></o:p></p></div></div><p =
class=3DMsoNormal>If I understand correctly, there are different =
encodings for the left part (before '@') and for the domain name =
(IDNA).<o:p></o:p></p></div><div><p class=3DMsoNormal><br =
clear=3Dall><o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><p class=3DMsoNormal>-- =
<o:p></o:p></p><div><p class=3DMsoNormal>SY, Dmitry =
Belyavsky<o:p></o:p></p></div></div></div></div></div></body></html>
------=_NextPart_000_0D82_01D19B97.2C7531E0--


From nobody Thu Apr 21 04:53:49 2016
Return-Path: <beldmit@gmail.com>
MIME-Version: 1.0
In-Reply-To: <0d8101d19bc1$1443b4f0$3ccb1ed0$@augustcellars.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <0d8101d19bc1$1443b4f0$3ccb1ed0$@augustcellars.com>
Date: Thu, 21 Apr 2016 14:53:44 +0300
Message-ID: <CADqLbzL5QCnKhfZjtkogYcD7WU8MwkMntYojt041tHw2AMwU0w@mail.gmail.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Content-Type: multipart/alternative; boundary=001a11c383ecbd83060530fd5c82
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/4edAYhFU9kiE7lK3zsruhta3po4>
Cc: spasm@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>, Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text

--001a11c383ecbd83060530fd5c82
Content-Type: text/plain; charset=UTF-8

Dear Jim,

It seems a bit counter-intuitive to me. But yes, it's a possible solution.

On Thu, Apr 21, 2016 at 2:29 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> Dmitry,
>
> Why do you feel the need to have this as a subject rather than using an
> empty subject and providing a SAN?  This is considered to be the correct
> way to do this as I remember how RFC 5280 is laid out.
>
> Jim
>
> *From:* Spasm [mailto:spasm-bounces@ietf.org] *On Behalf Of *Dmitry
> Belyavsky
> *Sent:* Wednesday, April 20, 2016 2:57 PM
> *To:* Alexey Melnikov <alexey.melnikov@isode.com>
> *Cc:* spasm@ietf.org; Russ Housley <housley@vigilsec.com>
> *Subject:* Re: [Spasm] DRAFT charter text
>
> Dear Alexey,
>
> On Wed, Apr 20, 2016 at 10:57 PM, Alexey Melnikov <
> alexey.melnikov@isode.com> wrote:
>
> Hi Dmitry,
>
> On 20 Apr 2016, at 20:28, Dmitry Belyavsky <beldmit@gmail.com> wrote:
>
> Dear Russ,
>
> On Wed, Apr 20, 2016 at 8:51 PM, Russ Housley <housley@vigilsec.com>
> wrote:
>
> This does not include the two things proposed by Eliot or Max earlier
> today.
>
> Russ
>
> = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are needed to the X.509 certificate documents produced by the PKIX
> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
>
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is at least one
> known approach to the update.  The current charter included updates to
> satisfy the following needs:
>
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
>
> Is there a way to specify an i18n email address as a subject itself, not
> as SAN?
>
> If not, it is useful to add it to the point 1.
>
> Are there any situations where extensions to SAN/IAN would not be
> sufficient?
>
> I think yes. For example the situation when the address is IDN domain is
> primary.
>
> The IDN domains are used widely enough in Russia so it's an actual
> problem.
>
> Right, this item would deal with IDN domains in email addresses.
>
> If I understand correctly, there are different encodings for the left part
> (before '@') and for the domain name (IDNA).
>
> --
>
> SY, Dmitry Belyavsky
>



-- 
SY, Dmitry Belyavsky

--001a11c383ecbd83060530fd5c82--
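
The following is an added example, not part of any message in this thread. It illustrates the point raised above that the local part and the domain of an internationalized address are encoded differently: the domain can be converted to ASCII A-labels with IDNA, while a non-ASCII local part stays UTF-8 and therefore does not fit the IA5String (ASCII-only) rfc822Name of RFC 5280. The function names and sample addresses are constructed for illustration, and Python's built-in "idna" codec (IDNA 2003) is assumed as the conversion.

```python
"""Split an internationalized mailbox into its two differently encoded parts
and report whether it can still be carried in an RFC 5280 rfc822Name."""


def split_mailbox(addr: str) -> tuple[str, str]:
    # Split on the last '@'; quoted local parts are out of scope for this sketch.
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox: {addr!r}")
    return local, domain


def domain_to_a_labels(domain: str) -> str:
    # The stdlib "idna" codec applies IDNA 2003 ToASCII label by label,
    # producing Punycode "xn--" A-labels for non-ASCII labels.
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"domain cannot be converted: {domain!r}") from exc


def classify_mailbox(addr: str) -> dict:
    local, domain = split_mailbox(addr)
    a_label_domain = domain_to_a_labels(domain)
    # rfc822Name is an IA5String, so only an all-ASCII local part fits.
    fits = local.isascii()
    return {
        "local_utf8": local.encode("utf-8"),   # local part: raw UTF-8 octets
        "domain_a_label": a_label_domain,      # domain: IDNA A-labels
        "fits_rfc822name": fits,
        "rfc822name": f"{local}@{a_label_domain}" if fits else None,
    }


# Constructed sample addresses (not taken from the thread).
SAMPLES = [
    "ivan@example.com",      # plain ASCII: nothing to convert
    "ivan@пример.рф",        # IDN domain only: A-labels make it fit rfc822Name
    "иван@пример.рф",        # non-ASCII local part: no ASCII form exists
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify_mailbox(sample)
        print(sample)
        print("  local part (UTF-8 octets):", info["local_utf8"].hex())
        print("  domain (A-labels):        ", info["domain_a_label"])
        print("  rfc822Name:               ", info["rfc822name"] or "not representable")
```

Only the third sample needs something beyond the existing rfc822Name form, which is the gap charter item 1 is about.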


From nobody Thu Apr 21 06:48:07 2016
Return-Path: <housley@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_99FC7D52-EBA2-4544-B843-5E5733096556"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <571820B4.7000806@cs.tcd.ie>
Date: Thu, 21 Apr 2016 09:48:02 -0400
Message-Id: <63244E4D-09AA-4F79-B5BA-CAD6B584154F@vigilsec.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <5717D3AE.5060809@cisco.com> <5717D6A6.7070406@cs.tcd.ie> <5717E5DA.2070300@cisco.com> <571820B4.7000806@cs.tcd.ie>
To: Eliot Lear <lear@cisco.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/nWIlZRnz_qDcZQ_jEtEbgQonSjk>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text

--Apple-Mail=_99FC7D52-EBA2-4544-B843-5E5733096556
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252


> But if you are going to go with your approach, I suggest you start with
> candidates of all, and then pare down rather than choosing arbitrarily.

In Buenos Aires, Stephen asked that a draft charter be created from the
items that had already been compiled on the S/MIME and PKIX mail lists.
Those lists are here:

	https://mailarchive.ietf.org/arch/msg/smime/Y2WcugFfqDR8q7fgkGquX-PcdpQ

	https://mailarchive.ietf.org/arch/msg/pkix/r46hvskDvSUM5Dg-jvJ85ZdXJls

In addition, Stephen said that the CURDLE WG will handle any documents
related to the CFRG algorithms, so no algorithm documents are included
in the draft charter.

Now, we are discussing the draft charter….

Russ


--Apple-Mail=_99FC7D52-EBA2-4544-B843-5E5733096556--


From nobody Thu Apr 21 07:12:57 2016
Return-Path: <johnl@taugh.com>
Date: 21 Apr 2016 14:12:29 -0000
Message-ID: <20160421141229.21655.qmail@ary.lan>
From: "John Levine" <johnl@taugh.com>
To: spasm@ietf.org
In-Reply-To: <63244E4D-09AA-4F79-B5BA-CAD6B584154F@vigilsec.com>
Organization: 
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/vsqRjOmmS19IN7YuzIFZUGGjg30>
Cc: housley@vigilsec.com
Subject: Re: [Spasm] DRAFT charter text

>Now, we are discussing the draft charter

If there's room, I'd like to work on S/MIME and PGP key distribution
as in draft-bhjl-x509-srv-00.  I realize the desire to keep the list
of drafts short, but this one is pretty simple, little more than a
profile of RFC 4387.

R's,
John


From nobody Thu Apr 21 07:26:17 2016
Return-Path: <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <20160421141229.21655.qmail@ary.lan>
Date: Thu, 21 Apr 2016 10:26:07 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BBFA89FD-0AAD-44DE-B229-17311C86A127@sn3rd.com>
References: <20160421141229.21655.qmail@ary.lan>
To: spasm@ietf.org
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/5rCavLkUP6nO3mT6dI3tBs3d02Q>
Subject: Re: [Spasm] DRAFT charter text

I understand and support #1 and #3, but what’s #2 about again?

spt


From nobody Thu Apr 21 07:43:53 2016
Return-Path: <sean@sn3rd.com>
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <E182EDC0-0F55-4DED-B440-B87C93719259@sn3rd.com>
Date: Thu, 21 Apr 2016 10:43:43 -0400
To: spasm@ietf.org
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/u3KGoacGHJVrVg7CLz1XQbGXP28>
Subject: [Spasm] OCSP over DNS
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 14:43:52 -0000

Max,

I assume:

https://datatracker.ietf.org/doc/draft-pala-odin/

is somewhat related to:

https://www.ietf.org/archive/id/draft-pala-rea-ocsp-over-dns-00.txt

spt


From nobody Thu Apr 21 07:51:16 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A67B512E952 for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2016 07:51:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level: 
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S8OqbRHoOCDJ for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2016 07:51:01 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 9B79512E972 for <spasm@ietf.org>; Thu, 21 Apr 2016 07:50:55 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id C6907F2401F; Thu, 21 Apr 2016 10:50:54 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id dM1RwOjBIM2Q; Thu, 21 Apr 2016 10:35:23 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-51-128-219.washdc.fios.verizon.net [108.51.128.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id 649BDF24013; Thu, 21 Apr 2016 10:50:54 -0400 (EDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <BBFA89FD-0AAD-44DE-B229-17311C86A127@sn3rd.com>
Date: Thu, 21 Apr 2016 10:50:51 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <178461A7-36C1-4105-BD00-542BBA70F77A@vigilsec.com>
References: <20160421141229.21655.qmail@ary.lan> <BBFA89FD-0AAD-44DE-B229-17311C86A127@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/MQvD8dxhUwYT6BM3pjq7kby3WN4>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 14:51:13 -0000

> I understand and support #1 and #3, but what’s #2 about again?

Please see the thread that begins here:
http://mailarchive.ietf.org/arch/msg/pkix/MHwcSWuuzezj4qHuzSmbYeGUbdI

Russ


From nobody Sat Apr 23 03:24:11 2016
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79DD712E4A9 for <spasm@ietfa.amsl.com>; Sat, 23 Apr 2016 03:24:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.997
X-Spam-Level: 
X-Spam-Status: No, score=-2.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I5X0gITOGPMq for <spasm@ietfa.amsl.com>; Sat, 23 Apr 2016 03:24:07 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 13E3A12E49E for <spasm@ietf.org>; Sat, 23 Apr 2016 03:24:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1461407046; d=isode.com; s=selector; i=@isode.com; bh=8gQx4vFitfuxVdEOIDMpGs89LWgVcl/fhXzh6ZAThkQ=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=HsV2gYjQhtfu6zXm/eviiLpp+4KOHrzqV284FpAUuUYe3E2hLQ773alAwBCr5PuRqEB6my uy3W3pq/e4OE6tT3RFg5o9pH8KRqUrY6FPR4RJVHelYcX/u0UDNMLdUttBOU5M+AMNs5jF 7HOquMpxbPCilZ3cqGA0dLIcQZ8BCj4=;
Received: from [192.168.0.2] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <VxtNRQBntCS7@waldorf.isode.com>; Sat, 23 Apr 2016 11:24:05 +0100
To: Russ Housley <housley@vigilsec.com>, spasm@ietf.org
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <571B4D44.5010209@isode.com>
Date: Sat, 23 Apr 2016 11:24:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Wc-iXO0gjlW_UaBWy5u8SsM1bPU>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2016 10:24:09 -0000

On 20/04/2016 18:51, Russ Housley wrote:
> This does not include the two things proposed by Eliot or Max earlier today.
> 
> Russ
> 
> = = = = = = =
> 
> The PKIX and S/MIME Working Groups have been closed for some time.  Some
> updates are needed to the X.509 certificate documents produced by the PKIX
> Working Group and the electronic mail security documents produced by the
> S/MIME Working Group.
> 
> The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> updates where there is a known constituency and there is at least one
> known approach to the update.  The current charter included updates to
> satisfy the following needs:
> 
> 1. Specify the way to include an i18n email address as a subject
>    alternative name and an issuer alternative name.
> 
> 2. Specify the processing for the Extended Key Usage certificate
>    extension when it appears in the certificate of an intermediate
>    certification authority.
> 
> 3. Specify the way to use authenticated encryption in S/MIME.
> 
> In addition, the SPASM Working Group may investigate other updates to
> the documents produced by the PKIX and S/MIME Working Groups, but the
> SPASM Working Group shall not adopt any of these potential work items
> without rechartering.

I think this is a reasonable charter to start PKIX/S/MIME work.


From nobody Tue Apr 26 11:29:47 2016
Return-Path: <stefan@aaa-sec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B6F612B05C for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 11:29:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YS-btXPV2dPe for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 11:29:44 -0700 (PDT)
Received: from smtp.outgoing.loopia.se (smtp.outgoing.loopia.se [194.9.95.112]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2C0212B033 for <spasm@ietf.org>; Tue, 26 Apr 2016 11:29:43 -0700 (PDT)
Received: from s554.loopia.se (localhost [127.0.0.1]) by s554.loopia.se (Postfix) with ESMTP id 77E09B720BC for <spasm@ietf.org>; Tue, 26 Apr 2016 20:29:41 +0200 (CEST)
X-Loopia-Auth: user
X-Loopia-Originating-IP: 90.229.17.25
X-Loopia-User: stefan@fiddler.nu
Received: from s500.loopia.se (unknown [172.21.200.98]) by s554.loopia.se (Postfix) with ESMTP id 59F8A990F19 for <spasm@ietf.org>; Tue, 26 Apr 2016 20:29:41 +0200 (CEST)
Received: from s405.loopia.se (unknown [172.21.200.105]) by s500.loopia.se (Postfix) with ESMTP id 57B65A9A48E for <spasm@ietf.org>; Tue, 26 Apr 2016 20:29:41 +0200 (CEST)
X-Virus-Scanned: amavisd-new at amavis.loopia.se
Received: from s500.loopia.se ([172.21.200.105]) by s405.loopia.se (s405.loopia.se [172.21.200.135]) (amavisd-new, port 10024) with LMTP id bYZkP_MVZNMo for <spasm@ietf.org>; Tue, 26 Apr 2016 20:29:41 +0200 (CEST)
Received: from [10.0.1.51] (unknown [90.229.17.25]) (Authenticated sender: stefan@fiddler.nu) by s500.loopia.se (Postfix) with ESMTPSA id 077BFA9A45C for <spasm@ietf.org>; Tue, 26 Apr 2016 20:29:41 +0200 (CEST)
User-Agent: Microsoft-MacOutlook/0.0.0.160212
Date: Tue, 26 Apr 2016 20:29:40 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: <spasm@ietf.org>
Message-Id: <420D3CCB-A80B-43F8-9600-A2C86AE40A31@aaa-sec.com>
Thread-Topic: No need for work item related to EU needs to extend OCSP
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="B_3544547381_51555300"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/OSk6_nk-bBiTo-a5TRpkB2hlK98>
Subject: [Spasm] No need for work item related to EU needs to extend OCSP
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 18:29:46 -0000

Hi,

Yes, this is just a redraw notice for the work item I have discussed with some people, Stephen included.

The background is that the EU regulation requires issuers of Qualified Certificates to provide revocation status also for expired certificates, and OCSP is a vital protocol mandated in many of the EU specifications and standards.

After closer analysis, I have concluded that the Archive Cutoff extension is sufficient to meet the needs of the EU regulation.
So I will not submit any new draft on this matter and will not request that it be added to the charter.

/Stefan



From nobody Tue Apr 26 12:33:45 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CB0612B00F for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 12:33:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.297
X-Spam-Level: 
X-Spam-Status: No, score=-5.297 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBxDtMCUf6Ix for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 12:33:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB53F12B02F for <spasm@ietf.org>; Tue, 26 Apr 2016 12:33:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 604C1BE32; Tue, 26 Apr 2016 20:33:39 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v-dMnjy6vI5w; Tue, 26 Apr 2016 20:33:38 +0100 (IST)
Received: from [10.87.49.100] (unknown [86.46.24.231]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 71AC2BE5B; Tue, 26 Apr 2016 20:33:37 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1461699218; bh=rOOXQRfy1CIk4CcA5wtD+1krv18wwMSzWVT2/pUCttg=; h=Subject:To:References:From:Date:In-Reply-To:From; b=g9W00KOEPCr5WbLOzx8d0XuV7ikj7dw2ESvW8Kf7+ZOCX6gYQduVG917pYNfAp5hr uxBwdyOTOgidTGEwFLFalzkpwy5v1qmLyX1CQHD6oZl+1Xxoe9Otvhuk+0pyUL6V58 x7aoYIkcrNkLZVDRkHL0ILbZbiBtcsQFjdQRX+kA=
To: Stefan Santesson <stefan@aaa-sec.com>, spasm@ietf.org
References: <420D3CCB-A80B-43F8-9600-A2C86AE40A31@aaa-sec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <571FC291.7090701@cs.tcd.ie>
Date: Tue, 26 Apr 2016 20:33:37 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <420D3CCB-A80B-43F8-9600-A2C86AE40A31@aaa-sec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms050002070909060800080409"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/M1AS0au1GoXK_V0mHwo3RogtZEw>
Subject: Re: [Spasm] No need for work item related to EU needs to extend OCSP
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 19:33:44 -0000

Thanks!

It's always good when someone simplifies.

S.

On 26/04/16 19:29, Stefan Santesson wrote:
> Hi,
>
> Yes, this is just a redraw notice for the work item I have discussed
> with some people, Stephen included.
>
> The background is that the EU regulation requires issuers of
> Qualified Certificates to provide revocation status also for expired
> certificates, and OCSP is a vital protocol mandated in many of the EU
> specifications and standards.
>
> After closer analysis, I have concluded that the Archive Cutoff
> extension is sufficient to meet the needs of the EU regulation. So I
> will not submit any new draft on this matter and will not request
> that it be added to the charter.
>
> /Stefan


From nobody Tue Apr 26 13:37:18 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6B0012D58A for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 13:37:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level: 
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wTxhzy3wbPG1 for <spasm@ietfa.amsl.com>; Tue, 26 Apr 2016 13:37:14 -0700 (PDT)
Received: from odin.smetech.net (x-bolt-wan.smeinc.net [209.135.219.146]) by ietfa.amsl.com (Postfix) with ESMTP id 9AFA212B04B for <spasm@ietf.org>; Tue, 26 Apr 2016 13:37:14 -0700 (PDT)
Received: from localhost (ronin.smetech.net [209.135.209.5]) by odin.smetech.net (Postfix) with ESMTP id 81524F2401F; Tue, 26 Apr 2016 16:37:14 -0400 (EDT)
X-Virus-Scanned: amavisd-new at smetech.net
Received: from odin.smetech.net ([209.135.209.4]) by localhost (ronin.smeinc.net [209.135.209.5]) (amavisd-new, port 10024) with ESMTP id XE4+TTiqkPy2; Tue, 26 Apr 2016 16:21:23 -0400 (EDT)
Received: from [172.20.1.174] (c-73-99-75-174.hsd1.va.comcast.net [73.99.75.174]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by odin.smetech.net (Postfix) with ESMTP id DA46FF24013; Tue, 26 Apr 2016 16:37:13 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_4E09820C-62F4-4CC3-8A3E-07E9B09FAA20"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <420D3CCB-A80B-43F8-9600-A2C86AE40A31@aaa-sec.com>
Date: Tue, 26 Apr 2016 16:37:05 -0400
Message-Id: <B0F5E18C-E8D1-4AAE-8DE6-F6DFA2AF33E9@vigilsec.com>
References: <420D3CCB-A80B-43F8-9600-A2C86AE40A31@aaa-sec.com>
To: Stefan Santesson <stefan@aaa-sec.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/QmpE6G8Q4kGHPkada3BLTSZHgSQ>
Cc: spasm@ietf.org
Subject: Re: [Spasm] No need for work item related to EU needs to extend OCSP
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 20:37:16 -0000

Thanks for letting us know.

Russ


On Apr 26, 2016, at 2:29 PM, Stefan Santesson <stefan@aaa-sec.com> wrote:

> Hi,
>
> Yes, this is just a redraw notice for the work item I have discussed with some people, Stephen included.
>
> The background is that the EU regulation requires issuers of Qualified Certificates to provide revocation status also for expired certificates, and OCSP is a vital protocol mandated in many of the EU specifications and standards.
>
> After closer analysis, I have concluded that the Archive Cutoff extension is sufficient to meet the needs of the EU regulation.
> So I will not submit any new draft on this matter and will not request that it be added to the charter.
>
> /Stefan


From nobody Wed Apr 27 13:28:25 2016
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96F4912D1C8 for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2016 13:28:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level: 
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDP683Z8TBLc for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2016 13:28:22 -0700 (PDT)
Received: from mail-oi0-x22a.google.com (mail-oi0-x22a.google.com [IPv6:2607:f8b0:4003:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C4ED112B045 for <spasm@ietf.org>; Wed, 27 Apr 2016 13:28:22 -0700 (PDT)
Received: by mail-oi0-x22a.google.com with SMTP id v145so28868393oie.0 for <spasm@ietf.org>; Wed, 27 Apr 2016 13:28:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=O1U83pF9uri7ke5ljUX5ziaE2ZohulM+Cr/YXECrWcc=; b=CYD5aaUFFIfz9/3JI+Rly+4CaX1WAfxVvz6Hk3XrWeEzPxZL+FEYJeiUfBotIvdQ9/ xZLCeew3+voc969EBtPwCdx86bLulU73LGxWLdywiLhWSDunrmv1qc3oeOIqkLg9/ZRN hfSWYVwLqLN2gW9P/hAo+KPmGnS2ISdT+ciUEZVemNumvjcFYbSlhwjQjngebnP1NgMx /sxAIjgdB1P5Nil7ZbBtTD5PEzfKLkb/0fAHvmkOFd9+bejhyFJbo0BpNMdheliyYUmH QxaDadqln+LWh1G39/fzpvIwU9TgNS9W0A0VNIX2xPyYXHuDFQAQBD5MGS06e7P3Xn70 pJeA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=O1U83pF9uri7ke5ljUX5ziaE2ZohulM+Cr/YXECrWcc=; b=SLmcMv1tHM7TnFzza4DOp0QmZ6gSWHzza2SToWsOTIaOowF7KGW/y3jhWjMSHZg+Wi AldL84YG9vE8mn9K1V7lOpTIRMYpo7PCA1zyZwEg7XqJSx0EShvxB4T8t4qF5IBu1Ppj uGaqZXAQUR5+O/KbD0xm76S8MXGTPZ6v2Dr/Ont5HNNan2R4QD71FYgQksBUJvpfAzuH BUcx2Q6CefMHH7Lp8FxoDG7fxqqvGnnV4Ji94QdmhBGWD6ihNYiuJmlaIH+v8olRIQAw WDkzlLfkdhpvNkQEWmlNc+qms5ONDmeiF0YwlIGLGaa5BXn0RCYPkrNhBh/VLHgz//IY LvqA==
X-Gm-Message-State: AOPr4FXHVo8gkbs6rC8hkBoFbHA+KsO/sr0o0OaX1SuHSPzciFuD8yIewGaLTSrUSgQOwXzstB9p6VzEsICEV80o
MIME-Version: 1.0
X-Received: by 10.202.64.132 with SMTP id n126mr4229850oia.80.1461788899716; Wed, 27 Apr 2016 13:28:19 -0700 (PDT)
Received: by 10.157.35.36 with HTTP; Wed, 27 Apr 2016 13:28:19 -0700 (PDT)
In-Reply-To: <571B4D44.5010209@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <571B4D44.5010209@isode.com>
Date: Wed, 27 Apr 2016 13:28:19 -0700
Message-ID: <CAAFsWK0dc6ef-4EeiiUT-DPLKqxxxEnu-=prUvYxkhekeXh8Mw@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary=001a113d76f41b27e505317d40f4
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Ql37tY8OPeftc7vsMQzkkVAmKgY>
Cc: spasm@ietf.org, Russ Housley <housley@vigilsec.com>
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2016 20:28:24 -0000

--001a113d76f41b27e505317d40f4
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I also think this is a good charter to start PKIX/S/MIME work.

-Wei

On Sat, Apr 23, 2016 at 3:24 AM, Alexey Melnikov <alexey.melnikov@isode.com>
wrote:

> On 20/04/2016 18:51, Russ Housley wrote:
> > This does not include the two things proposed by Eliot or Max earlier today.
> >
> > Russ
> >
> > = = = = = = =
> >
> > The PKIX and S/MIME Working Groups have been closed for some time.  Some
> > updates are needed to the X.509 certificate documents produced by the PKIX
> > Working Group and the electronic mail security documents produced by the
> > S/MIME Working Group.
> >
> > The Some PKIX and S/MIME (SPASM) Working Group is chartered to make the
> > updates where there is a known constituency and there is at least one
> > known approach to the update.  The current charter included updates to
> > satisfy the following needs:
> >
> > 1. Specify the way to include an i18n email address as a subject
> >    alternative name and an issuer alternative name.
> >
> > 2. Specify the processing for the Extended Key Usage certificate
> >    extension when it appears in the certificate of an intermediate
> >    certification authority.
> >
> > 3. Specify the way to use authenticated encryption in S/MIME.
> >
> > In addition, the SPASM Working Group may investigate other updates to
> > the documents produced by the PKIX and S/MIME Working Groups, but the
> > SPASM Working Group shall not adopt any of these potential work items
> > without rechartering.
>
> I think this is a reasonable charter to start PKIX/S/MIME work.

--001a113d76f41b27e505317d40f4--


From nobody Wed Apr 27 17:56:17 2016
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD0512D10A for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2016 17:56:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dRDsqqPQuupK for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2016 17:56:15 -0700 (PDT)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5BE8112D09F for <spasm@ietf.org>; Wed, 27 Apr 2016 17:56:15 -0700 (PDT)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id EA96038F2F for <spasm@ietf.org>; Wed, 27 Apr 2016 17:56:14 -0700 (PDT)
From: "Jim Schaad" <ietf@augustcellars.com>
To: <spasm@ietf.org>
References: <20160428005112.25281.10712.idtracker@ietfa.amsl.com>
In-Reply-To: <20160428005112.25281.10712.idtracker@ietfa.amsl.com>
Date: Wed, 27 Apr 2016 17:56:14 -0700
Message-ID: <086f01d1a0e8$c3e24da0$4ba6e8e0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQG32jHBd+GHgi/yU1smdPzqJwahAZ/SHPLQ
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Q617yqp34W6oG002xsR4KpZ0apo>
Subject: [Spasm] FW: New Version Notification for draft-schaad-rfc5751-bis-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 00:56:17 -0000

Here is a first cut at a draft to deal with issue #3 on the proposed charter.

> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Wednesday, April 27, 2016 5:51 PM
> To: Blake Ramsdell <blaker@gmail.com>; Jim Schaad <ietf@augustcellars.com>;
> Blake C. Ramsdell <blaker@gmail.com>; Sean Turner <turners@ieca.com>
> Subject: New Version Notification for draft-schaad-rfc5751-bis-00.txt
>
>
> A new version of I-D, draft-schaad-rfc5751-bis-00.txt has been successfully
> submitted by Jim Schaad and posted to the IETF repository.
>
> Name:           draft-schaad-rfc5751-bis
> Revision:       00
> Title:          Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.5 Message Specification
> Document date:  2016-04-27
> Group:          Individual Submission
> Pages:          49
> URL:            https://www.ietf.org/internet-drafts/draft-schaad-rfc5751-bis-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-schaad-rfc5751-bis/
> Htmlized:       https://tools.ietf.org/html/draft-schaad-rfc5751-bis-00
>
>
> Abstract:
>    This document defines Secure/Multipurpose Internet Mail Extensions
>    (S/MIME) version 3.5.  S/MIME provides a consistent way to send and
>    receive secure MIME data.  Digital signatures provide authentication,
>    message integrity, and non-repudiation with proof of origin.
>    Encryption provides data confidentiality.  Compression can be used to
>    reduce data size.  This document obsoletes RFC 5751.
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat



From nobody Thu Apr 28 02:05:46 2016
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BD4912D0BF for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.995
X-Spam-Level: 
X-Spam-Status: No, score=-2.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOxcRpz3RgUv for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:05:43 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 7A13212D0A1 for <spasm@ietf.org>; Thu, 28 Apr 2016 02:05:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1461834342; d=isode.com; s=selector; i=@isode.com; bh=3D0+xUUpU9JDJWZpTUs6w7aYJbZmT6FqPBSe9gC+lFc=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=ZQO+xzy6zwLOsRlB6/Fj6yn96aDAU0taFpdOYOpRt+IgHns4v2Xx0gNYC8Mu1BfDpEBTik EUJ+KyYiVHxMsS7B60gzxPBTOxWA+CqWs3F6gZCtoNNBkmExqumoF0ki6WwonmzmEbQxsx SjT7INhLecQ1YuRCJ6yqMJIK4dThBcc=;
Received: from [192.168.0.6] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <VyHSZgBntDOF@waldorf.isode.com>; Thu, 28 Apr 2016 10:05:42 +0100
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (13E238)
In-Reply-To: <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
Date: Thu, 28 Apr 2016 10:13:12 +0100
Message-Id: <1A601E1B-0CB7-4470-AFF9-E430F452785A@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com>
To: Dmitry Belyavsky <beldmit@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=Apple-Mail-E79C085B-9970-4FFD-9678-E7802DBB751B
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/98MEVn4-MIXrEb1iCietAiNh50k>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 09:05:45 -0000

--Apple-Mail-E79C085B-9970-4FFD-9678-E7802DBB751B
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi Dmitry,

On 20 Apr 2016, at 20:56, Dmitry Belyavsky <beldmit@gmail.com> wrote:

>>>> 1. Specify the way to include an i18n email address as a subject
>>>>    alternative name and an issuer alternative name.
>>>
>>> Is there a way to specify an i18n email address as a subject itself, not as SAN?
>>> If not, it is useful to add it to the point 1.
>>
>> Are there any situations where extensions to SAN/IAN would not be sufficient.
>
> I think yes. For example the situation when the address is IDN domain is primary.

Sorry, I don't understand what is "primary IDN domain". Can you elaborate?
>
>>>
>>> The IDN domains are used widely enough in Russia so it's an actual problem.
>>
>> Right, this item would deal with IDN domains in email addresses.
>
> If I understand correctly, there are different encodings for the left part (before '@') and for the domain name (IDNA).

The domain part can be encoded as either UTF-8 version or its ASCII encoding (xn--...). I don't think we can prohibit use of any of them.
The left hand side is always in UTF-8.

Best Regards,
Alexey


--Apple-Mail-E79C085B-9970-4FFD-9678-E7802DBB751B--


From nobody Thu Apr 28 02:08:28 2016
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EF7F12D5A8 for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:08:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.997
X-Spam-Level: 
X-Spam-Status: No, score=-2.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vwPOyUSj3fPO for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:08:26 -0700 (PDT)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id E194D12D0F5 for <spasm@ietf.org>; Thu, 28 Apr 2016 02:08:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1461834505; d=isode.com; s=selector; i=@isode.com; bh=dzi+mGUnx9ApmOqjYURr03OS+mm8EOAbk1tS2KbESGE=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=WP5sK1o02xPh4YSgk+5MEw0rRPBbmS3t7i9SH997R1RGVsjCvk2TL7WAEFy68+uSExZ3Xz 6j2B9dtU7wsUcfFJyoIwuom3MtHf8l6s2MVkPzIViJClwXJvQAR23fwRrFZzPcxmNdMrzF HzBvbrG1fHQga/Ca8IPJogudZ0OKtfY=;
Received: from [192.168.0.6] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25])  by statler.isode.com (submission channel) via TCP with ESMTPSA  id <VyHTCAB-m3SU@statler.isode.com>; Thu, 28 Apr 2016 10:08:25 +0100
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (13E238)
In-Reply-To: <20160420232425.18637.qmail@ary.lan>
Date: Thu, 28 Apr 2016 10:15:54 +0100
Message-Id: <6E60FC1D-31FE-4ECD-A858-8E4E93AF8849@isode.com>
References: <20160420232425.18637.qmail@ary.lan>
To: John Levine <johnl@taugh.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/e-cBiug5lLlAtit9ZuOP0NqQSIE>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 09:08:27 -0000

On 21 Apr 2016, at 00:24, John Levine <johnl@taugh.com> wrote:

>> Right, this item would deal with IDN domains in email addresses.
>
> Since every IDN domain has an ASCII A-label equivalent, why is
> this a problem?

It is not. But I was wondering whether we can actually require people to only use A-labels.
>
> I agree that EAI addresses with UTF-8 local parts need at least
> a small document update.
>
> R's,
> John


From nobody Thu Apr 28 02:10:58 2016
Return-Path: <michael@stroeder.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8736412D5E6 for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.897
X-Spam-Level: 
X-Spam-Status: No, score=-2.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-y3WQa5lAOJ for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:10:51 -0700 (PDT)
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F04E112D5EA for <spasm@ietf.org>; Thu, 28 Apr 2016 02:10:50 -0700 (PDT)
Received: from srv4.stroeder.local (srv1.stroeder.com [213.240.180.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.stroeder.local", Issuer "stroeder.com Server CA no. 2009-07" (verified OK)) by srv1.stroeder.com (Postfix) with ESMTPS id 85A041CEAB; Thu, 28 Apr 2016 09:10:48 +0000 (UTC)
Received: from nb2.stroeder.local (nb2.stroeder.local [10.1.1.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by srv4.stroeder.local (Postfix) with ESMTPS id 344F71D961; Thu, 28 Apr 2016 09:10:47 +0000 (UTC)
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <1A601E1B-0CB7-4470-AFF9-E430F452785A@isode.com>
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Openpgp: id=43C8730E84A20E560722806C07DC7AE36A8BC938
Message-ID: <5721D396.1080805@stroeder.com>
Date: Thu, 28 Apr 2016 11:10:46 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 SeaMonkey/2.40
MIME-Version: 1.0
In-Reply-To: <1A601E1B-0CB7-4470-AFF9-E430F452785A@isode.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms040203080607040404090604"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/Kd5F5UJ_OJ6OI0UM92kyt6KL3pg>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 09:10:56 -0000

This is a cryptographically signed message in MIME format.

--------------ms040203080607040404090604
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Alexey Melnikov wrote:
> The domain part can be encoded as either UTF-8 version or its ASCII encoding
> (xn--...). I don't think we can prohibit use of any of them.

But at least there could be an implementation note that encoding the domain part
as ASCII is recommended for backward compatibility.

> The left hand side is always in UTF-8.

And is usable only with SMTPUTF8 extension.

Ciao, Michael.


--------------ms040203080607040404090604
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
--------------ms040203080607040404090604--


From nobody Thu Apr 28 02:15:39 2016
Return-Path: <beldmit@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4D4B12D5FC for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:15:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id txMVQvP4eDRM for <spasm@ietfa.amsl.com>; Thu, 28 Apr 2016 02:15:35 -0700 (PDT)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD47312D5F3 for <spasm@ietf.org>; Thu, 28 Apr 2016 02:15:34 -0700 (PDT)
Received: by mail-lf0-x22d.google.com with SMTP id u64so77229681lff.3 for <spasm@ietf.org>; Thu, 28 Apr 2016 02:15:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=dGmwDqXtSAd+6bcmw+O8MdpXBRLHMuyahLMvP+mf83w=; b=x846jGQZurjam6QG5DSYSZpjw9raulI/V73mxU5HuEKAX6jSWjRvS28lJVEYty83Ah irL5mRzpbb++vm2Uu1J/SZvwqMolZZwSYY9qeevGEvol4BU7SsyCA/WHP8pR1jge9WEV Pf1uZ2ppwlbPS32eNQlHZrifhc8QSM+RjZVGkdhuEFHEOQZPTlGC7u155ECtvhSUzmLT E/1oTY1VfzQ7wibRglLGESg7YOMXT5F0E3coJiUw9Me/HOmr7hhMn+BhWkY+YnXrbAn2 rqbNYEphMgJA1h+eu7lFAwrtWRAVRjJdIa5milVLftkg9VrzekKwTTHodz2/pAgbhO4f Dcmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=dGmwDqXtSAd+6bcmw+O8MdpXBRLHMuyahLMvP+mf83w=; b=QY7NoF+0EF9pQN4dtmohTZHCaTHCf4+LHox5ZLsui+MjItnbMmMQ0A6Yg3CM1be3bJ z/Eog82Y6nl4OhK5ASAAGr5IpYZQvYC13Ahr8C3e1xMYEy0GyM8UAzShXdu1H1MnhVVT QFR6ocWvcLYCwhe1vsksTE4zO9Pub/ASKnF8w09uVQ7b8tqkeJ5voosZwQ7XrVh9N/+S 8Azr1fOL1M7Hz+CRZTtaDQPOGhWS9srrh57PVHC3U/PXP2Egwq9jjUBtvx2XSkbNXcvH PnlTBsKOoPU29qsdK0n3px2sVhNHuengt0WIWMxuERW2o4e5S+3183GLcJBXGn/rI6LJ TY2w==
X-Gm-Message-State: AOPr4FWsfxzeapep1EEOgOepc2VLbK+oiFRMqKxzDSiEmCIE3JtS07YVqlnUE3sFqP4fupg3VyYzeOftmXtRew==
MIME-Version: 1.0
X-Received: by 10.25.24.35 with SMTP id o35mr5685111lfi.25.1461834932794; Thu, 28 Apr 2016 02:15:32 -0700 (PDT)
Received: by 10.25.17.157 with HTTP; Thu, 28 Apr 2016 02:15:32 -0700 (PDT)
In-Reply-To: <1A601E1B-0CB7-4470-AFF9-E430F452785A@isode.com>
References: <487A4FBB-5C99-4E50-BC98-B838429E323F@vigilsec.com> <CADqLbzJ_wc3xv7BJO+KdF78kw1fmC_GCdNkhrr_p_L-jwA_MvQ@mail.gmail.com> <37F45C68-65B8-4BAF-B20C-413AB7DB5838@isode.com> <CADqLbz+DK5YqQ3DHBCPCghwrk55JeLKLJGdo_LXjkpC4yn=cXA@mail.gmail.com> <1A601E1B-0CB7-4470-AFF9-E430F452785A@isode.com>
Date: Thu, 28 Apr 2016 12:15:32 +0300
Message-ID: <CADqLbz+qPcne1o6AAUrURR4FO_7HxKn+er7meX+cVi7VwS7_tw@mail.gmail.com>
From: Dmitry Belyavsky <beldmit@gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary=001a11401642e3bd11053187f761
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/TjSCZHWsHQ6FUeGIoWiXOHfYMis>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 09:15:38 -0000

--001a11401642e3bd11053187f761
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello Alexey,

On Thu, Apr 28, 2016 at 12:13 PM, Alexey Melnikov <alexey.melnikov@isode.com> wrote:

> Hi Dmitry,
>
> On 20 Apr 2016, at 20:56, Dmitry Belyavsky <beldmit@gmail.com> wrote:
>
> 1. Specify the way to include an i18n email address as a subject
>>>    alternative name and an issuer alternative name.
>>>
>>>
>> Is there a way to specify an i18n email address as a subject itself, not
>> as SAN?
>> If not, it is useful to add it to the point 1.
>>
>>
>> Are there any situations where extensions to SAN/IAN would not be
>> sufficient.
>>
>
> I think yes. For example the situation when the address is IDN domain is
> primary.
>
>
> Sorry, I don't understand what is "primary IDN domain". Can you elaborate?
>


In Russia a lot of companies have their site in the .рф domains (Cyrillic
unicode).
If users from such companies want to obtain a certificate for any email
address in such a domain,
it seems to me that it should be specified not in SAN but in Subject.



>
>
>
>> The IDN domains are used widely enough in Russia so it's an actual
>> problem.
>>
>>
>> Right, this item would deal with IDN domains in email addresses.
>>
>>
>>
> If I understand correctly, there are different encodings for the left part
> (before '@') and for the domain name (IDNA).
>
>
> The domain part can be encoded as either UTF-8 version or its ASCII
> encoding (xn--...). I don't think we can prohibit use of any of them.
> The left hand side is always in UTF-8.
>

In the DNS world domain names are usually presented in the PUNYCODE format.
A lot of programs have to change the presentation for usability purposes,
and it seems to be not a problem.


-- 
SY, Dmitry Belyavsky

--001a11401642e3bd11053187f761--
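
The encoding question raised in the messages above (domain part as UTF-8 or as its xn-- ASCII form, local part always UTF-8 and usable only with SMTPUTF8), shown as an added example that is not part of any poster's message. The function names and the sample addresses are constructed for illustration; the sketch assumes Python's built-in `idna` codec (IDNA 2003 rules) and an exact, case-sensitive comparison of the local part.

```python
"""Compare mailbox names whose domain may be given as U-labels or A-labels."""


def split_mailbox(addr: str) -> tuple[str, str]:
    """Split at the last '@'; reject a missing or empty local part or domain."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mailbox: {addr!r}")
    return local, domain


def to_a_label(domain: str) -> str:
    """Return the ASCII (xn--...) form of a domain given in either form."""
    try:
        # Built-in codec, IDNA 2003 rules (an assumption of this sketch).
        ascii_form = domain.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError(f"invalid domain {domain!r}: {exc}") from exc
    # Pure-ASCII labels pass through the codec unchanged, so fold case here.
    return ascii_form.lower()


def to_u_label(domain: str) -> str:
    """Return the Unicode form of a domain, for display only."""
    return to_a_label(domain).encode("ascii").decode("idna")


def normalize_mailbox(addr: str) -> tuple[str, str]:
    """Canonical form for matching: local part untouched, domain as A-labels."""
    local, domain = split_mailbox(addr)
    return local, to_a_label(domain)


def same_mailbox(a: str, b: str) -> bool:
    """True when two spellings name the same mailbox under the rules above."""
    return normalize_mailbox(a) == normalize_mailbox(b)


def needs_smtputf8(addr: str) -> bool:
    """A non-ASCII local part cannot be carried without the SMTPUTF8 extension."""
    local, _ = split_mailbox(addr)
    return not local.isascii()


# Constructed sample addresses: the same mailbox with the domain in both forms.
U_FORM = "иван@пример.рф"
A_FORM = "иван@xn--e1afmkfd.xn--p1ai"

if __name__ == "__main__":
    for addr in (U_FORM, A_FORM, "ivan@xn--e1afmkfd.xn--p1ai"):
        local, domain = normalize_mailbox(addr)
        print(f"{addr!r}: match key=({local!r}, {domain!r}) "
              f"display={to_u_label(domain)!r} SMTPUTF8={needs_smtputf8(addr)}")
    print("same mailbox:", same_mailbox(U_FORM, A_FORM))
```

Converting the domain to A-labels before comparing makes the two spellings match, while the local part still decides whether SMTPUTF8 is required.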


From nobody Thu Apr 28 14:33:32 2016
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <178461A7-36C1-4105-BD00-542BBA70F77A@vigilsec.com>
Date: Fri, 29 Apr 2016 00:33:25 +0300
Message-Id: <3C786CE1-CBF4-422B-B60A-DE1B7F7A7B5D@gmail.com>
References: <20160421141229.21655.qmail@ary.lan> <BBFA89FD-0AAD-44DE-B229-17311C86A127@sn3rd.com> <178461A7-36C1-4105-BD00-542BBA70F77A@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/dtgAMbpP6oagkMA4wnNsvyFoAbg>
Cc: spasm@ietf.org, Sean Turner <sean@sn3rd.com>
Subject: Re: [Spasm] DRAFT charter text

> On 21 Apr 2016, at 5:50 PM, Russ Housley <housley@vigilsec.com> wrote:
>
>
>> I understand and support #1 and #3, but what’s #2 about again?
>
> Please see the thread that begins here: http://mailarchive.ietf.org/arch/msg/pkix/MHwcSWuuzezj4qHuzSmbYeGUbdI
>

That seems like an ugly hack. We have an intermediate CA certificate
with EKU for (for example) Code Signing and Email Protection, but the
key in that certificate is never ever used for either code signing or
email protection. It is only used to sign certificates (OK, and
revocation).

I see that all this has been covered in the referenced PKIX thread. What
we are being asked to do is to “bless” existing practice, an existing
practice that has been documented by the CA/BF, but in fact predates it.
If, as the thread claims, “all the browsers implement this”, it’s
a good fit for the Spasm requirement that documents have a high
likelihood of being implemented.

One of the messages in that thread ([1]) states that “the CA/Browser
Forum sets standards for Certification Authorities”. That is not
strictly true. The CA/BF sets standards for a very specific set of CAs -
those that are the so-called “Web PKI”. There are many other CAs
used in other contexts, and any RFC that updates or replaces RFC 5280
has to consider those as well. Do we have any information about how much
breakage could occur if this requirement was added to path validation
libraries in all libraries?

Yoav


[1] https://mailarchive.ietf.org/arch/msg/pkix/Dl_lme0pfswdkxUS3oAVzRiFSjE


From nobody Thu Apr 28 16:09:50 2016
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <3C786CE1-CBF4-422B-B60A-DE1B7F7A7B5D@gmail.com>
Date: Thu, 28 Apr 2016 19:09:44 -0400
Message-Id: <6D4AFEF7-1893-4BF4-BACE-442C08524EFC@vigilsec.com>
References: <20160421141229.21655.qmail@ary.lan> <BBFA89FD-0AAD-44DE-B229-17311C86A127@sn3rd.com> <178461A7-36C1-4105-BD00-542BBA70F77A@vigilsec.com> <3C786CE1-CBF4-422B-B60A-DE1B7F7A7B5D@gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/287zKR3XJh12S1tFfbnnHc7_ULI>
Cc: spasm@ietf.org
Subject: Re: [Spasm] DRAFT charter text

Yoav:

Personally, I would be much happier with an EKU-constraints extension.
We have several examples like this that can be used as design patterns.
It would be interesting to find out if CAs and relying parties would
migrate their existing code to use such an extension.  That said, let’s
get the charter done, then argue the technical merits of potential
solutions.

Russ


On Apr 28, 2016, at 5:33 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:

>
>> On 21 Apr 2016, at 5:50 PM, Russ Housley <housley@vigilsec.com> wrote:
>>
>>
>>> I understand and support #1 and #3, but what’s #2 about again?
>>
>> Please see the thread that begins here: http://mailarchive.ietf.org/arch/msg/pkix/MHwcSWuuzezj4qHuzSmbYeGUbdI
>>
>
> That seems like an ugly hack. We have an intermediate CA certificate
> with EKU for (for example) Code Signing and Email Protection, but the
> key in that certificate is never ever used for either code signing or
> email protection. It is only used to sign certificates (OK, and
> revocation).
>
> I see that all this has been covered in the referenced PKIX thread.
> What we are being asked to do is to “bless” existing practice, an
> existing practice that has been documented by the CA/BF, but in fact
> predates it.  If, as the thread claims, “all the browsers implement
> this”, it’s a good fit for the Spasm requirement that documents have
> a high likelihood of being implemented.
>
> One of the messages in that thread ([1]) states that “the CA/Browser
> Forum sets standards for Certification Authorities”. That is not
> strictly true. The CA/BF sets standards for a very specific set of CAs -
> those that are the so-called “Web PKI”. There are many other CAs
> used in other contexts, and any RFC that updates or replaces RFC 5280
> has to consider those as well. Do we have any information about how much
> breakage could occur if this requirement was added to path validation
> libraries in all libraries?
>
> Yoav
>
>
> [1] https://mailarchive.ietf.org/arch/msg/pkix/Dl_lme0pfswdkxUS3oAVzRiFSjE
>


From nobody Fri Apr 29 12:44:24 2016
Date: Fri, 29 Apr 2016 12:44:19 -0700
Message-ID: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com>
From: Laetitia Baudoin <lbaudoin@google.com>
To: spasm@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/MFmExpXP_-yWVLNGZdtaql5Tjaw>
Subject: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

Hi,

Could we update the text in section 3.4 [Creating an Authenticated
Enveloped-Only Message]?

Currently it states:
-----

This section describes the format for enveloping a MIME entity
   without signing it.  It is important to note that sending
   authenticated enveloped but not signed messages does not provide for
   authentication or non-repudiation.  It is possible to replace
   ciphertext in such a way that the processed message will still be
   valid, but the meaning can be altered.

-----

Which is incorrect: alterations to the encrypted part of the message
would be detected.
The problem is that authenticated encryption alone does not prove
anything about the sender.

An alternative to the last sentence could be something like "It is
possible to change the sender without altering the validity of the
processed message".


From nobody Fri Apr 29 13:52:22 2016
MIME-Version: 1.0
In-Reply-To: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com>
Date: Fri, 29 Apr 2016 13:52:13 -0700
Message-ID: <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
To: Laetitia Baudoin <lbaudoin@google.com>
Content-Type: multipart/alternative; boundary=001a113d76f468bba80531a5d119
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/nDzX5AZM3ioGt4UIR099nLO0kWI>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

--001a113d76f468bba80531a5d119
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

First thanks goes to the authors of draft-schaad-rfc5751-bis-00 for doing
the update.

On Fri, Apr 29, 2016 at 12:44 PM, Laetitia Baudoin <lbaudoin@google.com>
wrote:

> Hi,
>
> Could we update the text in section 3.4 [Creating an Authenticated
> Enveloped-Only Message]?


> Currently it states:
> -----
>
> This section describes the format for enveloping a MIME entity
>    without signing it.  It is important to note that sending
>    authenticated enveloped but not signed messages does not provide for
>    authentication or non-repudiation.  It is possible to replace
>    ciphertext in such a way that the processed message will still be
>    valid, but the meaning can be altered.
>
> -----
>
> Which is incorrect: alterations to the encrypted part of the message
> would be detected.
> The problem is that authenticated encryption alone does not prove
> anything about the sender.
>

> An alternative to the last sentence could be something like "It is
> possible to change the sender without altering the validity of the
> processed message".
>


+1   Also I'm bothered by the second sentence as too alarming as potential
uses would presumably find a means to authenticate.

As this update also adds AES-GCM, can
draft-housley-cms-chacha20-poly1305-00 be considered too?  That would help
authenticated encryption algorithm diversity.

Also does this mean that updating algorithms in general will be covered in
this pass?  If so, can keysize and algorithm deprecation occur e.g. drop
md5?

For possible work much farther down the road, I would suggest that section
3.1 and details of wrapping messages in "message/rfc822" be clarified.

Thanks,
-Wei



--001a113d76f468bba80531a5d119--


From nobody Fri Apr 29 14:25:14 2016
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
Date: Fri, 29 Apr 2016 17:24:59 -0400
Message-Id: <BC14AACE-B0C5-4C32-B6D7-AD67084F0B49@vigilsec.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com> <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/sHl-ajMGNyV05vDEuKOtcNg--wk>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt


> As this update also adds AES-GCM, can
> draft-housley-cms-chacha20-poly1305-00 be considered too?  That would
> help authenticated encryption algorithm diversity.
>
> Also does this mean that updating algorithms in general will be
> covered in this pass?  If so, can keysize and algorithm deprecation
> occur e.g. drop md5?

The Security ADs have asked that algorithm work be done in the CURDLE
WG.  So, I have asked that WG to adopt these three drafts:

	draft-housley-cms-eddsa-signatures
	draft-housley-cms-ecdh-new-curves
	draft-housley-cms-chacha20-poly1305

> For possible work much farther down the road, I would suggest that
> section 3.1 and details of wrapping messages in "message/rfc822" be
> clarified.

If clarification is needed, I’d like to roll it into the rfc5751bis
work.

Russ


From nobody Sat Apr 30 20:01:57 2016
From: "Jim Schaad" <ietf@augustcellars.com>
To: "'Laetitia Baudoin'" <lbaudoin@google.com>, <spasm@ietf.org>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com>
In-Reply-To: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com>
Date: Sat, 30 Apr 2016 20:01:52 -0700
Message-ID: <0afb01d1a355$d064a720$712df560$@augustcellars.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/IksCRN8j2agpZmhCqFt-I7FR15c>
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

-----Original Message-----
From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Laetitia Baudoin
Sent: Friday, April 29, 2016 12:44 PM
To: spasm@ietf.org
Subject: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

Hi,

Could we update the text in section 3.4 [Creating an Authenticated
Enveloped-Only Message]?

Currently it states:
-----

This section describes the format for enveloping a MIME entity
   without signing it.  It is important to note that sending
   authenticated enveloped but not signed messages does not provide for
   authentication or non-repudiation.  It is possible to replace
   ciphertext in such a way that the processed message will still be
   valid, but the meaning can be altered.

-----

Which is incorrect: alterations to the encrypted part of the message would
be detected.
The problem is that authenticated encryption alone does not prove anything
about the sender.

[JLS]  It is not totally incorrect, but I would agree that it is misleading.
The odds of being able to change the message are approximately 1 in 2^128
(assuming a 128-bit authentication tag).  This is much better than the CBC
world where the odds would be roughly 1 in 256.

An alternative to the last sentence could be something like "It is possible
to change the sender without altering the validity of the processed
message".

[JLS]  I find this to be a very misleading statement.  I find the term
authenticated encryption to be very misleading.  An AE algorithm only gives
authentication about the sender under some very specific conditions, and
those conditions are not generally found for many S/MIME messages.  If it
had been up to me, I would have called this class of algorithms integrity
protected encryption rather than authenticated encryption.

Just to be clear, the following conditions would be required to have an
authenticated encryption in terms of knowing who the sender is.  1) You
would need to use an authenticated encryption algorithm, 2) One would need
to have exactly one recipient information structure (otherwise any other
recipient can change the message or forge a future message), and 3) the CEK
would need to be a key directly derived from information about both the
sender and the recipient.  This would require the use of static-static DH
which is not generally considered to be an option for S/MIME.

Given these conditions, I believe that it would be very unwise to say that
one is going to get authentication from an S/MIME message.  One will get
integrity protection but that is a different service.

Jim

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
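
Added example, not part of the message above and not code from the draft or any S/MIME implementation: a Go program, using AES-128-GCM from the standard library, that shows the two properties discussed in this thread. The names `Message`, `Send`, `Receive` and `ReplaceContent` are hypothetical, and wrapping the CEK under a per-recipient symmetric key is an assumption standing in for CMS RecipientInfo key management.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Message struct { // hypothetical, simplified stand-in for CMS AuthEnvelopedData
	RecipientInfos map[string][]byte // recipient name -> CEK wrapped under that recipient's key
	Content        []byte            // nonce || AES-GCM ciphertext || 128-bit tag
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

func seal(key, pt []byte) []byte { // AES-128-GCM: nonce || ciphertext || tag
	nonce := random(12)
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}

func open(key, box []byte) ([]byte, error) { // fails unless the tag verifies under key
	if len(box) < 12 {
		return nil, fmt.Errorf("input too short: %d bytes", len(box))
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, box[:12], box[12:], nil)
}

// Send encrypts pt once under a random CEK and wraps that CEK for each recipient.
func Send(keks map[string][]byte, pt []byte) Message {
	cek, infos := random(16), map[string][]byte{}
	for name, kek := range keks {
		infos[name] = seal(kek, cek)
	}
	return Message{RecipientInfos: infos, Content: seal(cek, pt)}
}

// Receive unwraps the CEK with the recipient's key, then checks the content tag.
func Receive(name string, kek []byte, m Message) (pt, cek []byte, err error) {
	if cek, err = open(kek, m.RecipientInfos[name]); err == nil {
		pt, err = open(cek, m.Content)
	}
	return pt, cek, err
}

func ReplaceContent(m Message, cek, pt []byte) Message { // needs only the CEK, which every recipient holds
	return Message{RecipientInfos: m.RecipientInfos, Content: seal(cek, pt)}
}

func main() {
	keks := map[string][]byte{"alice": random(16), "bob": random(16)} // constructed keys
	m := Send(keks, []byte("meeting at 10:00"))
	_, bobCEK, _ := Receive("bob", keks["bob"], m)
	pt, _, err := Receive("alice", keks["alice"], ReplaceContent(m, bobCEK, []byte("meeting at 16:00")))
	fmt.Printf("resealed by bob: alice reads %q, err=%v\n", pt, err)
	m.Content[len(m.Content)-1] ^= 1 // a change made without knowing the CEK
	_, _, err = Receive("alice", keks["alice"], m)
	fmt.Println("blind bit flip:", err)
}
```

A change made without the CEK fails the tag check, while content resealed by another listed recipient passes it. The tag therefore gives integrity protection but identifies no sender, which is the distinction drawn in the reply above.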


From nobody Sat Apr 30 20:34:47 2016
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB57412D1C2 for <spasm@ietfa.amsl.com>; Sat, 30 Apr 2016 20:34:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vp94ubwkegzF for <spasm@ietfa.amsl.com>; Sat, 30 Apr 2016 20:34:44 -0700 (PDT)
Received: from smtp4.pacifier.net (smtp4.pacifier.net [64.255.237.176]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4309E12D18C for <spasm@ietf.org>; Sat, 30 Apr 2016 20:34:44 -0700 (PDT)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: schaad@nwlink.com) by smtp4.pacifier.net (Postfix) with ESMTPSA id E779438F30; Sat, 30 Apr 2016 20:34:42 -0700 (PDT)
From: "Jim Schaad" <ietf@augustcellars.com>
To: "'Wei Chuang'" <weihaw@google.com>, "'Laetitia Baudoin'" <lbaudoin@google.com>
References: <CAFTDvC5g5CeY0V4xO3NahYc226BMOF5QCCK41_admqiz88ZZ3Q@mail.gmail.com> <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
In-Reply-To: <CAAFsWK1J3baG7=KHpD67q9Uzt48tja=Dejud5xJrUT0HWp=HBw@mail.gmail.com>
Date: Sat, 30 Apr 2016 20:34:42 -0700
Message-ID: <0afc01d1a35a$667346f0$3359d4d0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0AFD_01D1A31F.BA188DA0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGlmp13BAVndVKnuhSrCmxTsNgUlAGaazQXn+6jTSA=
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/spasm/c9BGmKI9rC5Ce6tsA7OWgyODl38>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 May 2016 03:34:47 -0000

This is a multipart message in MIME format.

------=_NextPart_000_0AFD_01D1A31F.BA188DA0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Wei,

See below.

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Wei Chuang
Sent: Friday, April 29, 2016 1:52 PM
To: Laetitia Baudoin <lbaudoin@google.com>
Cc: spasm@ietf.org
Subject: Re: [Spasm] Suggestions for draft-schaad-rfc5751-bis-00.txt

First thanks goes to the authors of draft-schaad-rfc5751-bis-00 for
doing the update.

On Fri, Apr 29, 2016 at 12:44 PM, Laetitia Baudoin
<lbaudoin@google.com> wrote:

Hi,

Could we update the text in section 3.4 [Creating an Authenticated
Enveloped-Only Message]?


Currently it states:
-----

This section describes the format for enveloping a MIME entity
   without signing it.  It is important to note that sending
   authenticated enveloped but not signed messages does not provide for
   authentication or non-repudiation.  It is possible to replace
   ciphertext in such a way that the processed message will still be
   valid, but the meaning can be altered.

-----

Which is incorrect: alterations to the encrypted part of the message
would be detected.
The problem is that authenticated encryption alone does not prove
anything about the sender.


An alternative to the last sentence could be something like "It is
possible to change the sender without altering the validity of the
processed message".

+1   Also I'm bothered by the second sentence as too alarming as
potential uses would presumably find a means to authenticate.

[JLS] See my comments to Laetitia on why I don’t think authentication
is a viable option here.

As this update also adds AES-GCM, can
draft-housley-cms-chacha20-poly1305-00 be considered too?  That would
help authenticated encryption algorithm diversity.

[JLS]  As Russ said in his mail, the actual draft is not going through
this proposed working group.  I would be open to having both AES-GCM and
ChaCha/Poly1305 as being listed as AEAD algorithms to be supported by
the message specification.  I added in AES-GCM only because I needed to
place some algorithm in the draft to motivate the reason for adding the
CMS authenticated encryption algorithm.

Also does this mean that updating algorithms in general will be covered
in this pass?  If so, can keysize and algorithm deprecation occur e.g.
drop md5?

[JLS] Sean is unhappy, but I do believe that since the draft is open all
of these issues are open as well.  I am not really sure what I want to
say about MD5; the current draft says it is supported so you can talk to
(and potentially read old messages from) S/MIME v2 implementations.  Are
we really sure that we want to shut off this option given that S/MIME v2
was only made historical by RFC 5751 in 2010?  I think we need to be
careful about how we make recommendations on MD5, but potentially doing
a verify but don’t send makes sense.

We need to have a strawman to discuss on key sizes, but this is normally
a very controversial topic.

For possible work much farther down the road, I would suggest that
section 3.1 and details of wrapping messages in "message/rfc822" be
clarified.

[JLS] What are the things you want to be able to do that are not
covered?  This was heavily discussed at the time the original RFC was
done and it was not possible to get any consensus about how to make this
clearer than what it is.  Indeed, there were tons of problems with
deciding how to address what fields are to be duplicated, what fields
can be hidden, how to show/highlight what happens in the event of a
conflict between the fields.  Think about the situation of sending a
signed message to the spasm mailing list.  In that event you get a new
header added called sender that changes how Outlook displays who the
message is coming from.  (Consider a case where sender privacy is
enforced by the mailing list.)  The headers which are authenticated by
DKIM are no longer the same as the ones in the message.  There are lots
of problems that need to be dealt with if we are going to “clarify” this
language.

Jim

Thanks,

-Wei

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

------=_NextPart_000_0AFD_01D1A31F.BA188DA0--

