
From nobody Tue Oct  4 12:44:49 2016
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Message-Id: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com>
Date: Tue, 4 Oct 2016 15:44:44 -0400
To: SPASM <spasm@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/QxXao-m-0QZFkT4AFDjzfttsVGg>
Subject: [Spasm] Review of draft-ietf-lamps-eai-addresses-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 19:44:48 -0000

I just read draft-ietf-lamps-eai-addresses-00, and I have a few
comments.  I encourage others to read it and post their comments too.


Section 1 tells why an EAI cannot appear in a subjectAltName using the
rfc822Name choice.  It should go on to say that this document specifies
a way to carry EAI in otherName so that EAI can appear in a
subjectAltName.  BTW, this also allows EAI to appear in issuerAltName.


Section 3, the first paragraph, should be restructured so that it is
clear that smtputf8Name can appear as subjectAltName, issuerAltName, or
anywhere else that GeneralName is used.  I suggest:

   The GeneralName structure is defined in [RFC5280], and it supports
   many different names forms.  GeneralName includes otherName for
   extensibility.  This section specifies the smtputf8Name name form,
   so that Internationalized Email addresses can appear in the
   subjectAltName of a certificate, the issuerAltName of a certificate,
   or anywhere else that GeneralName is used.


Section 3 says:

     smtputf8Name ::= UTF8String (SIZE (1..MAX))

The left hand side needs to begin with a capital letter.


In Section 5, please use allowed.example.com and excluded.example.com in
Figure 1.


Please add an Appendix that contains the ASN.1 module.  It should
contain:

The front matter for the module, including the IMPORTS for OTHER-NAME
from RFC 5912.

 SmtpUtf8OtherNames OTHER-NAME ::= {
          on-smtputf8Name, … }

  on-smtputf8Name OTHER-NAME ::=
          { SmtpUtf8Name IDENTIFIED BY id-on-smtputf8Name }

   id-on-smtputf8Name OBJECT IDENTIFIER ::= { id-on XXX }

   SmtpUtf8Name ::= UTF8String (SIZE (1..MAX))

  END
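
The otherName form proposed in the message above, DER-encoded and parsed back, as an added example that is not part of the original message or of the draft. It assumes a placeholder final arc under id-on (the message leaves it as XXX), a constructed sample address, and helper names of its own. Because the value is a UTF8String rather than the IA5String used by rfc822Name, a non-ASCII address fits, and the same GeneralName bytes serve in subjectAltName or issuerAltName.

```python
"""DER round trip for the SmtpUtf8Name otherName proposed in the thread (added example)."""

# id-on arc, taken from the PKIX Other Name Forms registry URL quoted in the thread.
ID_ON = (1, 3, 6, 1, 5, 5, 7, 8)
# Constructed stand-in for the "XXX" in the proposed module; NOT an assigned value.
PLACEHOLDER_ARC = 999999
ID_ON_SMTPUTF8NAME = ID_ON + (PLACEHOLDER_ARC,)

TAG_OID = 0x06
TAG_UTF8STRING = 0x0C
TAG_CTX0_CONSTRUCTED = 0xA0  # [0], used for GeneralName.otherName and OtherName.value


def der_len(n):
    """DER definite length: short form below 128, else minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """Tag, length, value for a single-byte tag."""
    return bytes([tag]) + der_len(len(content)) + content


def base128(value):
    """One OID sub-identifier: 7 bits per byte, high bit set on all but the last."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def oid_content(arcs):
    """Content octets of an OBJECT IDENTIFIER (first two arcs share one sub-identifier)."""
    return base128(40 * arcs[0] + arcs[1]) + b"".join(base128(a) for a in arcs[2:])


def encode_smtputf8_othername(address):
    """GeneralName ::= otherName [0] { type-id OID, value [0] EXPLICIT UTF8String }."""
    if len(address) < 1:
        raise ValueError("SmtpUtf8Name is UTF8String (SIZE (1..MAX)); empty not allowed")
    value = tlv(TAG_UTF8STRING, address.encode("utf-8"))
    type_id = tlv(TAG_OID, oid_content(ID_ON_SMTPUTF8NAME))
    return tlv(TAG_CTX0_CONSTRUCTED, type_id + tlv(TAG_CTX0_CONSTRUCTED, value))


def read_tlv(buf, pos):
    """Return (tag, content, next_pos); raise ValueError on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + length], pos + length


def decode_smtputf8_othername(der):
    """Return the address, or None when the otherName carries a different type-id."""
    tag, body, end = read_tlv(der, 0)
    if tag != TAG_CTX0_CONSTRUCTED or end != len(der):
        raise ValueError("not a single otherName GeneralName")
    tag, oid, pos = read_tlv(body, 0)
    if tag != TAG_OID:
        raise ValueError("type-id is not an OBJECT IDENTIFIER")
    if oid != oid_content(ID_ON_SMTPUTF8NAME):
        return None
    tag, wrapped, pos = read_tlv(body, pos)
    if tag != TAG_CTX0_CONSTRUCTED or pos != len(body):
        raise ValueError("value is not a single [0] EXPLICIT element")
    tag, raw, pos = read_tlv(wrapped, 0)
    if tag != TAG_UTF8STRING or pos != len(wrapped):
        raise ValueError("value is not a UTF8String")
    if len(raw) < 1:
        raise ValueError("SIZE (1..MAX) violated")
    return raw.decode("utf-8")  # strict: UnicodeDecodeError is a ValueError


def fits_rfc822name(address):
    """rfc822Name is an IA5String, so only ASCII addresses fit."""
    return address.isascii()


if __name__ == "__main__":
    sample = "\u03b4@allowed.example.com"  # constructed sample address
    der = encode_smtputf8_othername(sample)
    print(fits_rfc822name(sample), der.hex(), decode_smtputf8_othername(der))
```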



From nobody Thu Oct  6 09:05:51 2016
In-Reply-To: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com>
References: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com>
From: Wei Chuang <weihaw@google.com>
Date: Thu, 6 Oct 2016 09:05:39 -0700
Message-ID: <CAAFsWK1xDt=pGh456aMeU1yAxwRzh3Jc5Dbws-i0tL0HS+ZUqw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary=001a1134e75411f0f1053e347790
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/t_8B9I8VdZsavvB5UF-1fYBZ3Ew>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [Spasm] Review of draft-ietf-lamps-eai-addresses-00

Russ,

Thanks for the feedback.  We can start a 01 draft to capture these changes.

-Wei

On Tue, Oct 4, 2016 at 12:44 PM, Russ Housley <housley@vigilsec.com> wrote:

> I just read draft-ietf-lamps-eai-addresses-00, and I have a few
> comments.  I encourage others to read it and post their comments too.
>
>
> Section 1 tells why an EAI cannot appear in a subjectAltName using the
> rfc822Name choice.  It should go on to say that this document specifies a
> way to carry EAI in otherName so that EAI can appear in a subjectAltName.
> BTW, this also allows EAI to appear in issuerAltName.
>
>
> Section 3, the first paragraph, should be restructured so that it is clear
> that smtputf8Name can appear as subjectAltName, issuerAltName, or anywhere
> else that GeneralName is used.  I suggest:
>
>    The GeneralName structure is defined in [RFC5280], and it supports
>    many different names forms.  GeneralName includes otherName for
>    extensibility.  This section specifies the smtputf8Name name form,
>    so that Internationalized Email addresses can appear in the
>    subjectAltName of a certificate, the issuerAltName of a certificate,
>    or anywhere else that GeneralName is used.
>
>
> Section 3 says:
>
>      smtputf8Name ::= UTF8String (SIZE (1..MAX))
>
> The left hand side needs to begin with a capital letter.
>
>
> In Section 5, please use allowed.example.com and excluded.example.com in
> Figure 1.
>
>
> Please add an Appendix that contains the ASN.1 module.  It should contain:
>
> The front matter for the module, including the IMPORTS for OTHER-NAME from
> RFC 5912.
>
>  SmtpUtf8OtherNames OTHER-NAME ::= {
>           on-smtputf8Name, … }
>
>   on-smtputf8Name OTHER-NAME ::=
>           { SmtpUtf8Name IDENTIFIED BY id-on-smtputf8Name }
>
>    id-on-smtputf8Name OBJECT IDENTIFIER ::= { id-on XXX }
>
>    SmtpUtf8Name ::= UTF8String (SIZE (1..MAX))
>
>   END
>
>



From nobody Fri Oct 21 16:23:40 2016
From: "\"IETF Secretariat\"" <agenda@ietf.org>
To: <lamps-chairs@ietf.org>, <housley@vigilsec.com>
Message-ID: <147709207058.28214.12840644437364938420.idtracker@ietfa.amsl.com>
Date: Fri, 21 Oct 2016 16:21:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sFIQG2T-jiVi3zg9Y-xRWrp65V4>
Cc: spasm@ietf.org, stephen.farrell@cs.tcd.ie
Subject: [Spasm] lamps - Requested session has been scheduled for IETF 97

Dear Russ Housley,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 

lamps Session 1 (1:00:00)
    Wednesday, Morning Session II 1110-1210
    Room Name: Grand Ballroom 3 size: 175
    ---------------------------------------------
    


Request Information:


---------------------------------------------------------
Working Group Name: Limited Additional Mechanisms for PKIX and SMIME
Area Name: Security Area
Session Requester: Russ Housley

Number of Sessions: 1
Length of Session(s):  1 Hour
Number of Attendees: 50
Conflicts to Avoid: 
 First Priority: its sidrops openpgp acme rtcweb tls stir sipbrandy sidr saag perc jose ianaplan dane cose curdle radext
 Second Priority: ntp cfrg dprive ecrit oauth quic sacm mile modern
 Third Priority: mtgvenue


Special Requests:
  
---------------------------------------------------------


From nobody Wed Oct 26 22:02:09 2016
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Message-Id: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com>
Date: Thu, 27 Oct 2016 01:02:03 -0400
To: SPASM <spasm@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/r4cZ8lPD8dXRo0JopEzxr6VpsLI>
Subject: [Spasm] review of of draft-ietf-lamps-eai-addresses-00

These are pretty nitty:

0) I gotta ask whether this document should include an “Updates: 5280
(once approved)” header?

1) I guess s2 should be updated to also refer to ASN.1 for the formal
syntax used in s3 as well as the ASN.1 module (as suggested by Russ);
also requires adding a normative reference to ASN.1?

2) I’m not sure about this one, but do you need to say anything about
wildcards?  The last para in s4.2.1.6 before the ASN.1 in 5280 says
it’s up to the application, but maybe that’s already covered somewhere
else?

3) s7: (I suspect after Russ’ comment you knew this) if you put in an
ASN.1 module you’ll also need to register an OID for the module and the
extension.  Something along these lines ought to work for that section:

   This document makes use of object identifiers for the
   other name defined in Section 2 and the ASN.1 module
   identifier defined in Section [insert location]. IANA is kindly
   requested to make the following assignments for:

  o  The [insert name of module] ASN.1 module in the SMI
      Security for PKIX Module Identifier registry:
      http://www.iana.org/assignments/smi-numbers/smi-
      numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0

  o  The smtputf8Name other name in the PKIX Other
      Name Forms registry:
      http://www.iana.org/assignments/smi-numbers/
      smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8

4) Is it worth pointing out that this OTHER-NAME is *not* applicable to
IssuerAltName?  The draft is very clear it’s just talking about
SubjectAltName but it’s the same syntax and sometimes smart
implementers do weird things.  (definitely willing to not have this
incorporated, but I thought I should at least bring it up)

spt


From nobody Thu Oct 27 10:58:18 2016
From: Jim Schaad <ietf@augustcellars.com>
To: 'Sean Turner' <sean@sn3rd.com>, 'SPASM' <spasm@ietf.org>
References: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com>
In-Reply-To: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com>
Date: Thu, 27 Oct 2016 10:58:03 -0700
Message-ID: <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bS_V8bSEvz6BnnKHRA416VPdrNU>
Subject: Re: [Spasm] review of of draft-ietf-lamps-eai-addresses-00

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Sean Turner
> Sent: Wednesday, October 26, 2016 10:02 PM
> To: SPASM <spasm@ietf.org>
> Subject: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
>
> These are pretty nitty:
>
> 0) I gotta ask whether this document should include an “Updates: 5280
> (once approved)” header?

Personal opinion - no

>
> 1) I guess s2 should be updated to also refer to ASN.1 for the formal
> syntax used in s3 as well as the ASN.1 module (as suggested by Russ);
> also requires adding a normative reference to ASN.1?
>
> 2) I’m not sure about this one, but do you need to say anything about
> wildcards?  The last para in s4.2.1.6 before the ASN.1 in 5280 says
> it’s up to the application, but maybe that’s already covered somewhere
> else?
>
> 3) s7: (I suspect after Russ’ comment you knew this) if you put in an
> ASN.1 module you’ll also need to register an OID for the module and
> the extension.  Something along these lines ought to work for that
> section:
>
>    This document makes use of object identifiers for the
>    other name defined in Section 2 and the ASN.1 module
>    identifier defined in Section [insert location]. IANA is kindly
>    requested to make the following assignments for:
>
>   o  The [insert name of module] ASN.1 module in the SMI
>       Security for PKIX Module Identifier registry:
>       http://www.iana.org/assignments/smi-numbers/smi-
>       numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
>
>   o  The smtputf8Name other name in the PKIX Other
>       Name Forms registry:
>       http://www.iana.org/assignments/smi-numbers/
>       smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
>
> 4) Is it worth pointing out that this OTHER-NAME is *not* applicable to
> IssuerAltName?  The draft is very clear it’s just talking about
> SubjectAltName but it’s the same syntax and sometimes smart
> implementers do weird things.  (definitely willing to not have this
> incorporated, but I thought I should at least bring it up)

I would disagree, while I can't think of a good reason for putting in an
IssuerAltName, there is no reason why it cannot be put there.

Jim

>
> spt


From nobody Thu Oct 27 14:11:00 2016
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com>
Date: Thu, 27 Oct 2016 17:10:54 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <595A5A73-FB0E-462A-B0D9-DADE9FF18DBC@sn3rd.com>
References: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com> <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eaXUomHEfqyX2EgrDpP5y3zL4Rk>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [Spasm] review of of draft-ietf-lamps-eai-addresses-00

On Oct 27, 2016, at 13:58, Jim Schaad <ietf@augustcellars.com> wrote:
>
>> -----Original Message-----
>> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Sean Turner
>> Sent: Wednesday, October 26, 2016 10:02 PM
>> To: SPASM <spasm@ietf.org>
>> Subject: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
>>
>> These are pretty nitty:
>>
>> 0) I gotta ask whether this document should include an “Updates: 5280
>> (once approved)” header?
>
> Personal opinion - no

I could go either way, which probably means NOT doing it is the right
thing.

>> 1) I guess s2 should be updated to also refer to ASN.1 for the formal
>> syntax used in s3 as well as the ASN.1 module (as suggested by Russ);
>> also requires adding a normative reference to ASN.1?
>>
>> 2) I’m not sure about this one, but do you need to say anything about
>> wildcards?  The last para in s4.2.1.6 before the ASN.1 in 5280 says
>> it’s up to the application, but maybe that’s already covered
>> somewhere else?
>>
>> 3) s7: (I suspect after Russ’ comment you knew this) if you put in an
>> ASN.1 module you’ll also need to register an OID for the module and
>> the extension.  Something along these lines ought to work for that
>> section:
>>
>>   This document makes use of object identifiers for the
>>   other name defined in Section 2 and the ASN.1 module
>>   identifier defined in Section [insert location]. IANA is kindly
>>   requested to make the following assignments for:
>>
>>  o  The [insert name of module] ASN.1 module in the SMI
>>      Security for PKIX Module Identifier registry:
>>      http://www.iana.org/assignments/smi-numbers/smi-
>>      numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
>>
>>  o  The smtputf8Name other name in the PKIX Other
>>      Name Forms registry:
>>      http://www.iana.org/assignments/smi-numbers/
>>      smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
>>
>> 4) Is it worth pointing out that this OTHER-NAME is *not* applicable
>> to IssuerAltName?  The draft is very clear it’s just talking about
>> SubjectAltName but it’s the same syntax and sometimes smart
>> implementers do weird things.  (definitely willing to not have this
>> incorporated, but I thought I should at least bring it up)
>
> I would disagree, while I can't think of a good reason for putting in
> an IssuerAltName, there is no reason why it cannot be put there.

Likewise here, I could see going either way.  If we did preclude it and later somebody came up with a reason to use it we’d have to update to unpreclude it.  That sounds painful so maybe saying nothing is the right thing here.

spt

> Jim
>
>>
>> spt
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org
>> https://www.ietf.org/mailman/listinfo/spasm
>


From nobody Thu Oct 27 17:14:06 2016
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75BE61295F8 for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 17:14:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.131
X-Spam-Level: 
X-Spam-Status: No, score=-3.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tcxlvjwDMvXU for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 17:14:03 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DA771295B3 for <spasm@ietf.org>; Thu, 27 Oct 2016 17:14:03 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id p136so32611220oic.1 for <spasm@ietf.org>; Thu, 27 Oct 2016 17:14:03 -0700 (PDT)
X-Received: by 10.157.34.18 with SMTP id o18mr8044922ota.112.1477613642439; Thu, 27 Oct 2016 17:14:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.14.226 with HTTP; Thu, 27 Oct 2016 17:14:01 -0700 (PDT)
In-Reply-To: <595A5A73-FB0E-462A-B0D9-DADE9FF18DBC@sn3rd.com>
References: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com> <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com> <595A5A73-FB0E-462A-B0D9-DADE9FF18DBC@sn3rd.com>
From: Wei Chuang <weihaw@google.com>
Date: Thu, 27 Oct 2016 17:14:01 -0700
Message-ID: <CAAFsWK2ZOKeK-0Nq0RNCDrV3gkPDuwv_87DXjV7JPHBDYZkMrQ@mail.gmail.com>
To: Sean Turner <sean@sn3rd.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a113ad0cc4a4d32053fe1bc6d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OSSYYTqtV7D83xWl0VvL9W8JUWI>
Cc: SPASM <spasm@ietf.org>, Jim Schaad <ietf@augustcellars.com>
Subject: Re: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
X-List-Received-Date: Fri, 28 Oct 2016 00:14:05 -0000

--001a113ad0cc4a4d32053fe1bc6d
Content-Type: multipart/alternative; boundary=001a113ad0cc46457c053fe1bc81

--001a113ad0cc46457c053fe1bc81
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On Thu, Oct 27, 2016 at 2:10 PM, Sean Turner <sean@sn3rd.com> wrote:

> On Oct 27, 2016, at 13:58, Jim Schaad <ietf@augustcellars.com> wrote:
> >
> >
> >
> >> -----Original Message-----
> >> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Sean Turner
> >> Sent: Wednesday, October 26, 2016 10:02 PM
> >> To: SPASM <spasm@ietf.org>
> >> Subject: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
> >>
> >> These are pretty nitty:
> >>
> >> 0) I gotta ask whether this document should include an “Updates: 5280 (once
> >> approved)” header?
> >
> > Personal opinion - no
>
> I could go either way, which probably means NOT doing it is the right
> thing.
>
> >> 1) I guess s2 should be updated to also refer to ASN.1 for the formal syntax used
> >> in s3 as well as the ASN.1 module (as suggested by Russ); also requires adding a
> >> normative reference to ASN.1?
> >>
> >> 2) I’m not sure about this one, but do you need to say anything about wildcards?
> >> The last para in s4.2.1.6 before the ASN.1 in 5280 says it’s up to the application,
> >> but maybe that’s already covered somewhere else?
>

I think we would prefer not to allow wildcards in this specification.
Multiple subjectAltName can be used instead, and explicit naming is
preferable.  Wildcards also add complexity to the matching rules.


> >>
> >> 3) s7: (I suspect after Russ’ comment you knew this) if you put in an ASN.1
> >> module you’ll also need to register an OID for the module and the extension.
> >> Something along these lines ought to work for that section:
> >>
> >>   This document makes use of object identifiers for the
> >>   other name defined in Section 2 and the ASN.1 module
> >>   identifier defined in Section [insert location]. IANA is kindly
> >>   requested to make the following assignments for:
> >>
> >>  o  The [insert name of module] ASN.1 module in the SMI
> >>      Security for PKIX Module Identifier registry:
> >>      http://www.iana.org/assignments/smi-numbers/smi-
> >>      numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
> >>
> >>  o  The smtputf8Name other name in the PKIX Other
> >>      Name Forms registry:
> >>      http://www.iana.org/assignments/smi-numbers/
> >>      smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
> >>
> >> 4) Is it worth pointing out that this OTHER-NAME is *not* applicable to
> >> IssuerAltName?  The draft is very clear it’s just talking about SubjectAltName but
> >> it’s the same syntax and sometimes smart implementers do weird things.
> >> (definitely willing to not have this incorporated, but I thought I should at least
> >> bring it up)
> >
> > I would disagree, while I can't think of a good reason for putting in an IssuerAltName, there is no reason why it cannot be put there.
>
> Likewise here, I could see going either way.  If we did preclude it and
> later somebody came up with a reason to use it we’d have to update to
> unpreclude it.  That sounds painful so maybe saying nothing is the right
> thing here.
>

Indeed that was the notion for not saying something explicitly since it
wasn't clear there was a use for smtputf8Name in IssuerAltName.  Could go
either way or keep it as is.  Is there a strong preference for it?

-Wei


>
> spt
>
> > Jim
> >
> >>
> >> spt

--001a113ad0cc46457c053fe1bc81--

--001a113ad0cc4a4d32053fe1bc6d--


From nobody Thu Oct 27 17:15:52 2016
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 999D612962C for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 17:15:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.131
X-Spam-Level: 
X-Spam-Status: No, score=-3.131 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkYnQ9w5cu08 for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 17:15:49 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C990612943C for <spasm@ietf.org>; Thu, 27 Oct 2016 17:15:48 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id p136so32702068oic.1 for <spasm@ietf.org>; Thu, 27 Oct 2016 17:15:48 -0700 (PDT)
X-Received: by 10.202.241.136 with SMTP id p130mr10861551oih.186.1477613748075;  Thu, 27 Oct 2016 17:15:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.14.226 with HTTP; Thu, 27 Oct 2016 17:15:47 -0700 (PDT)
In-Reply-To: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com>
References: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com>
From: Wei Chuang <weihaw@google.com>
Date: Thu, 27 Oct 2016 17:15:47 -0700
Message-ID: <CAAFsWK0fMBPviwFPi9Y1mknkTt=4Km9bN9gnh6TMRnrs60ABHQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="94eb2c094156963d5a053fe1c28c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zjCXG2tk23UhwUTquHSiknHBdhM>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [Spasm] Review of draft-ietf-lamps-eai-addresses-00
X-List-Received-Date: Fri, 28 Oct 2016 00:15:50 -0000

--94eb2c094156963d5a053fe1c28c
Content-Type: multipart/alternative; boundary=94eb2c0941569238ba053fe1c2ad

--94eb2c0941569238ba053fe1c2ad
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Russ:

On Tue, Oct 4, 2016 at 12:44 PM, Russ Housley <housley@vigilsec.com> wrote:

> I just read draft-ietf-lamps-eai-addresses-00, and I have a few
> comments.  I encourage others to read it and post their comments too.
>
>
> Section 1 tells why an EAI cannot appear in a subjectAltName using the
> rfc822Name choice.  It should go on to say that this document specifies a
> way to carry EAI in otherName so that EAI can appear in a subjectAltName.
> BTW, this also allows EAI to appear in issuerAltName.
>

Just double checking- Are you strongly in favor of EAI in issuerAltName?

-Wei


>
>
> Section 3, the first paragraph, should be restructured so that it is clear
> that smtputf8Name can appear as subjectAltName, issuerAltName, or anywhere
> else that GeneralName is used.  I suggest:
>
>    The GeneralName structure is defined in [RFC5280], and it supports
>    many different names forms.  GeneralName includes otherName for
>    extensibility.  This section specifies the smtputf8Name name form,
>    so that Internationalized Email addresses can appear in the
>    subjectAltName of a certificate, the issuerAltName of a certificate,
>    or anywhere else that GeneralName is used.
>
>
> Section 3 says:
>
>      smtputf8Name ::= UTF8String (SIZE (1..MAX))
>
> The left hand side needs to begin with a capital letter.
>
>
> In Section 5, please use allowed.example.com and excluded.example.com in
> Figure 1.
>
>
> Please add an Appendix that contains the ASN.1 module.  It should contain:
>
> The front matter for the module, including the IMPORTS for OTHER-NAME from
> RFC 5912.
>
>  SmtpUtf8OtherNames OTHER-NAME ::= {
>           on-smtputf8Name, … }
>
>   on-smtputf8Name OTHER-NAME ::=
>           { SmtpUtf8Name IDENTIFIED BY id-on-smtputf8Name }
>
>    id-on-smtputf8Name OBJECT IDENTIFIER ::= { id-on XXX }
>
>    SmtpUtf8Name ::= UTF8String (SIZE (1..MAX))
>
>   END

--94eb2c0941569238ba053fe1c2ad--

--94eb2c094156963d5a053fe1c28c--
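
The encoding that the quoted review asks for (SmtpUtf8Name as a UTF8String inside otherName), set beside the rfc822Name choice that cannot carry an EAI address, as an added example that is not part of the thread or the draft. The arc 999 stands in for the unassigned "{ id-on XXX }", the sample address is constructed, and the tags follow the GeneralName definition in RFC 5280.

```python
# Added example (not from the thread or the draft): strict DER for two
# GeneralName choices, rfc822Name and otherName carrying SmtpUtf8Name.
ID_ON = (1, 3, 6, 1, 5, 5, 7, 8)        # id-on arc, per the registry URL in the thread
ID_ON_SMTPUTF8NAME = ID_ON + (999,)     # PLACEHOLDER for "{ id-on XXX }", not an assignment
SAMPLE_EAI = "用户@allowed.example.com"   # constructed sample address


def der_len(n):
    """DER definite length: short form below 128, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def encode_oid(arcs):
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, high bit set on all but the last octet
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


SMTPUTF8_OID_DER = encode_oid(ID_ON_SMTPUTF8NAME)


def read_tlv(buf, off=0):
    """Return (tag, content, next_offset); reject lengths that are not DER."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[off:off + n], "big")
        if length < 0x80 or buf[off] == 0:
            raise ValueError("non-minimal length")
        off += n
    if off + length > len(buf):
        raise ValueError("content runs past the buffer")
    return tag, buf[off:off + length], off + length


def encode_rfc822name(addr):
    # rfc822Name is [1] IMPLICIT IA5String: non-ASCII raises UnicodeEncodeError.
    return tlv(0x81, addr.encode("ascii"))


def encode_smtputf8name(addr):
    if len(addr) < 1:
        raise ValueError("SmtpUtf8Name is UTF8String (SIZE (1..MAX))")
    value = tlv(0xA0, tlv(0x0C, addr.encode("utf-8")))   # value [0] EXPLICIT
    return tlv(0xA0, SMTPUTF8_OID_DER + value)           # otherName [0]


def parse_general_name(der):
    """Return (choice, value) for the two GeneralName choices handled here."""
    tag, content, end = read_tlv(der)
    if end != len(der):
        raise ValueError("trailing bytes after GeneralName")
    if tag == 0x81:
        return ("rfc822Name", content.decode("ascii"))
    if tag != 0xA0:
        raise ValueError("GeneralName choice 0x%02x not handled" % tag)
    t, oid, off = read_tlv(content)
    if t != 0x06:
        raise ValueError("otherName type-id is not an OBJECT IDENTIFIER")
    t, wrapped, off = read_tlv(content, off)
    if t != 0xA0 or off != len(content):
        raise ValueError("malformed otherName value")
    if tlv(0x06, oid) != SMTPUTF8_OID_DER:
        return ("otherName", oid.hex())   # unknown name form: report type-id only
    t, raw, end = read_tlv(wrapped)
    if t != 0x0C or end != len(wrapped):
        raise ValueError("SmtpUtf8Name must be a single UTF8String")
    text = raw.decode("utf-8")            # strict: invalid UTF-8 raises
    if len(text) < 1:
        raise ValueError("SmtpUtf8Name is UTF8String (SIZE (1..MAX))")
    return ("SmtpUtf8Name", text)


if __name__ == "__main__":
    der = encode_smtputf8name(SAMPLE_EAI)
    print(der.hex())
    print(parse_general_name(der))
```

The same bytes are valid wherever GeneralName is used, which is why the thread has to decide explicitly whether issuerAltName is in scope.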


From nobody Thu Oct 27 19:35:58 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C2AC12947B for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 19:35:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level: 
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzP30A58hFHU for <spasm@ietfa.amsl.com>; Thu, 27 Oct 2016 19:35:55 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 977FB1293FC for <spasm@ietf.org>; Thu, 27 Oct 2016 19:35:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id BDA42300A2D for <spasm@ietf.org>; Thu, 27 Oct 2016 22:35:54 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GO29G4IOrcUL for <spasm@ietf.org>; Thu, 27 Oct 2016 22:35:53 -0400 (EDT)
Received: from russellsleysmbp.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id A2D2B30050E; Thu, 27 Oct 2016 22:35:53 -0400 (EDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_E8AA4D6D-FCC4-40BD-A67F-5A2B6463A0B9"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAAFsWK0fMBPviwFPi9Y1mknkTt=4Km9bN9gnh6TMRnrs60ABHQ@mail.gmail.com>
Date: Thu, 27 Oct 2016 22:35:51 -0400
Message-Id: <A2D8F6A4-A3A5-4D8A-A7DE-527F14F8AAEF@vigilsec.com>
References: <939A4C00-A981-4EB5-95C3-4800218902F8@vigilsec.com> <CAAFsWK0fMBPviwFPi9Y1mknkTt=4Km9bN9gnh6TMRnrs60ABHQ@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GcTH6Dwm-k_AsINNfaYs7Cuiq24>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [Spasm] Review of draft-ietf-lamps-eai-addresses-00
X-List-Received-Date: Fri, 28 Oct 2016 02:35:57 -0000

--Apple-Mail=_E8AA4D6D-FCC4-40BD-A67F-5A2B6463A0B9
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_FE6CA903-AE20-4E5E-AF50-C6E883071958"


--Apple-Mail=_FE6CA903-AE20-4E5E-AF50-C6E883071958
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

> Section 1 tells why an EAI cannot appear in a subjectAltName using the rfc822Name choice.  It should go on to say that this document specifies a way to carry EAI in otherName so that EAI can appear in a subjectAltName.  BTW, this also allows EAI to appear in issuerAltName.
>
> Just double checking- Are you strongly in favor of EAI in issuerAltName?

Yes, I think that it should be supported in subjectAltName and issuerAltName.

Russ


--Apple-Mail=_FE6CA903-AE20-4E5E-AF50-C6E883071958--

--Apple-Mail=_E8AA4D6D-FCC4-40BD-A67F-5A2B6463A0B9--


From nobody Fri Oct 28 01:56:25 2016
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7567129784 for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 01:56:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.43
X-Spam-Level: 
X-Spam-Status: No, score=-2.43 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-lewDx2rKUD for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 01:56:22 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id DAC98129527 for <spasm@ietf.org>; Fri, 28 Oct 2016 01:56:21 -0700 (PDT)
Received: from [192.168.0.6] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25])  by waldorf.isode.com (submission channel) via TCP with ESMTPSA  id <WBMStABM5U5P@waldorf.isode.com>; Fri, 28 Oct 2016 09:56:20 +0100
X-SMTP-Protocol-Errors: PIPELINING
From: Alexey Melnikov <alexey.melnikov@isode.com>
X-Mailer: iPad Mail (14A456)
In-Reply-To: <CAAFsWK2ZOKeK-0Nq0RNCDrV3gkPDuwv_87DXjV7JPHBDYZkMrQ@mail.gmail.com>
Date: Fri, 28 Oct 2016 10:10:49 +0100
Message-Id: <D68E0160-0FC4-42F7-99F5-77E0CC4C87F9@isode.com>
References: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com> <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com> <595A5A73-FB0E-462A-B0D9-DADE9FF18DBC@sn3rd.com> <CAAFsWK2ZOKeK-0Nq0RNCDrV3gkPDuwv_87DXjV7JPHBDYZkMrQ@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=Apple-Mail-2FE3A1CD-1FB5-4679-A8CD-22E6CD6A6691
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kNwgBzQyOGkStF5-WfkMr3haoZM>
Cc: SPASM <spasm@ietf.org>, Jim Schaad <ietf@augustcellars.com>, Sean Turner <sean@sn3rd.com>
Subject: Re: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 08:56:24 -0000

--Apple-Mail-2FE3A1CD-1FB5-4679-A8CD-22E6CD6A6691
Content-Type: text/plain;
	charset=windows-1251
Content-Transfer-Encoding: quoted-printable


> On 28 Oct 2016, at 01:14, Wei Chuang <weihaw@google.com> wrote:
>
>> On Thu, Oct 27, 2016 at 2:10 PM, Sean Turner <sean@sn3rd.com> wrote:
>> On Oct 27, 2016, at 13:58, Jim Schaad <ietf@augustcellars.com> wrote:
 (Snip)

>
>> >> 3) s7: (I suspect after Russ’ comment you knew this) if you put in an ASN.1
>> >> module you’ll also need to register an OID for the module and the extension.
>> >> Something along these lines ought to work for that section:
>> >>
>> >>   This document makes use of object identifiers for the
>> >>   other name defined in Section 2 and the ASN.1 module
>> >>   identifier defined in Section [insert location]. IANA is kindly
>> >>   requested to make the following assignments for:
>> >>
>> >>  o  The [insert name of module] ASN.1 module in the SMI
>> >>      Security for PKIX Module Identifier registry:
>> >>      http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
>> >>
>> >>  o  The smtputf8Name other name in the PKIX Other
>> >>      Name Forms registry:
>> >>      http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
>> >>
>> >> 4) Is it worth pointing out that this OTHER-NAME is *not* applicable to
>> >> IssuerAltName?  The draft is very clear it’s just talking about SubjectAltName but
>> >> it’s the same syntax and sometimes smart implementers do weird things.
>> >> (definitely willing to not have this incorporated, but I thought I should at least
>> >> bring it up)
>> >
>> > I would disagree, while I can't think of a good reason for putting in an IssuerAltName, there is no reason why it cannot be put there.
>>
>> Likewise here, I could see going either way.  If we did preclude it and later somebody came up with a reason to use it we’d have to update to unpreclude it.  That sounds painful so maybe saying nothing is the right thing here.
>
> Indeed that was the notion for not saying something explicitly since it wasn't clear there was a use for smtputf8Name in IssuerAltName.  Could go either way or keep it as is.  Is there a strong preference for it?

I would rather explicitly allow it. If something is omitted, people will draw different conclusions.
>
> -Wei
>
>>
>> spt
>>=20
>> > Jim
>> >
>> >>
>> >> spt
>> >> _______________________________________________
>> >> Spasm mailing list
>> >> Spasm@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/spasm
>> >
>>
>> _______________________________________________
>> Spasm mailing list
>> Spasm@ietf.org
>> https://www.ietf.org/mailman/listinfo/spasm
>

--Apple-Mail-2FE3A1CD-1FB5-4679-A8CD-22E6CD6A6691--


From nobody Fri Oct 28 06:06:19 2016
Return-Path: <sean@sn3rd.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77F4412945D for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 06:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0b51Eb8rKkkF for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 06:06:15 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61EAB1294DF for <spasm@ietf.org>; Fri, 28 Oct 2016 06:06:15 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id z190so84813115qkc.2 for <spasm@ietf.org>; Fri, 28 Oct 2016 06:06:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UkbPHj0G0qms9Q9xq09XmL8r6YTTQ6fGr8p3XMC12bU=; b=cNIC938mMfrgqMLXN0Ay2DqS0uVq4Mc0l2tUYt8EaN+aS47HDpujbPz8im4NVC/8ET 2ebAPd+1oiwE/0J6OlzPH9LdRVP5V0iqdOIbzdxLu+17XkeDPqKV/weAOO88EOahT5Q4 bdlJ5Zkzd0limDjGO1sOlLIEmo9QwDiid9yJQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=UkbPHj0G0qms9Q9xq09XmL8r6YTTQ6fGr8p3XMC12bU=; b=CSwfo4NOtCMt4i+SKQ+R6kwtWiNc/xI+YvZOyxDD2Co6oqGGAf6Ym8KjaalXgXlfOQ xcxot16dhJGr8Hj01HcS835YDxfEcVvFshMGdZLLU8AJN9GQl0syAe6Ka7lxe1Ip4q55 6PRuacKOiJwhWnGgRIZYj92/n8rRg/UZBomsX83eOUJXbtbQoHb/Zi+iKb6l0H9+kDTE W5aibm04TiQUc9zAqKBzRpaOE1VChhvF47yI1kzmFvU7ELSggbY1otR3zeK/FAbslKTc oNUumKbvgvpqSa/3gCn0GFVgcVFWD1CYxQJ2SWm9ATLDL3BDSLVrOk1LqkW6zWltdutM 9srA==
X-Gm-Message-State: ABUngvfSXXQP8GBfZnEbOLzGpFpRy6d+rpRc474SP+fykOpgtrlJ2DkLuE+uoJdLy/+UAg==
X-Received: by 10.55.148.131 with SMTP id w125mr10365078qkd.57.1477659974532;  Fri, 28 Oct 2016 06:06:14 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.230.70]) by smtp.gmail.com with ESMTPSA id 14sm852405qtp.19.2016.10.28.06.06.12 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 28 Oct 2016 06:06:13 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CAAFsWK2ZOKeK-0Nq0RNCDrV3gkPDuwv_87DXjV7JPHBDYZkMrQ@mail.gmail.com>
Date: Fri, 28 Oct 2016 09:06:11 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <44D6B230-D72F-4ACE-9558-DA843DCC4E98@sn3rd.com>
References: <EF31C957-26EC-452D-8614-EC221926B707@sn3rd.com> <00c301d2307b$ab42fb50$01c8f1f0$@augustcellars.com> <595A5A73-FB0E-462A-B0D9-DADE9FF18DBC@sn3rd.com> <CAAFsWK2ZOKeK-0Nq0RNCDrV3gkPDuwv_87DXjV7JPHBDYZkMrQ@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/d25wvf3JvowhURWaKi4AmwxdLxw>
Cc: SPASM <spasm@ietf.org>, Jim Schaad <ietf@augustcellars.com>
Subject: Re: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 13:06:18 -0000

On Oct 27, 2016, at 20:14, Wei Chuang <weihaw@google.com> wrote:
>
> On Thu, Oct 27, 2016 at 2:10 PM, Sean Turner <sean@sn3rd.com> wrote:
> On Oct 27, 2016, at 13:58, Jim Schaad <ietf@augustcellars.com> wrote:
> >
> >
> >
> >> -----Original Message-----
> >> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Sean Turner
> >> Sent: Wednesday, October 26, 2016 10:02 PM
> >> To: SPASM <spasm@ietf.org>
> >> Subject: [Spasm] review of of draft-ietf-lamps-eai-addresses-00
> >>
> >> These are pretty nitty:
> >>
> >> 0) I gotta ask whether this document should include an “Updates: 5280 (once
> >> approved)” header?
> >
> > Personal opinion - no
>
> I could go either way, which probably means NOT doing it is the right thing.
>
> >> 1) I guess s2 should be updated to also refer to ASN.1 for the formal syntax used
> >> in s3 as well as the ASN.1 module (as suggested by Russ); also requires adding a
> >> normative reference to ASN.1?
> >>
> >> 2) I’m not sure about this one, but do you need to say anything about wildcards?
> >> The last para in s4.2.1.6 before the ASN.1 in 5280 says it’s up to the application,
> >> but maybe that’s already covered somewhere else?
>
> I think we would prefer not to allow wildcard in this specification.  Multiple subjectAltName can be used instead, and explicit naming is preferable.  Also, wildcards add complexity to the matching rules.

I agree with explicit naming, so I guess a sentence to say that makes sense to me.

> >>
> >> 3) s7: (I suspect after Russ’ comment you knew this) if you put in an ASN.1
> >> module you’ll also need to register an OID for the module and the extension.
> >> Something along these lines ought to work for that section:
> >>
> >>   This document makes use of object identifiers for the
> >>   other name defined in Section 2 and the ASN.1 module
> >>   identifier defined in Section [insert location]. IANA is kindly
> >>   requested to make the following assignments for:
> >>
> >>  o  The [insert name of module] ASN.1 module in the SMI
> >>      Security for PKIX Module Identifier registry:
> >>      http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.0
> >>
> >>  o  The smtputf8Name other name in the PKIX Other
> >>      Name Forms registry:
> >>      http://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
> >>
> >> 4) Is it worth pointing out that this OTHER-NAME is *not* applicable to
> >> IssuerAltName?  The draft is very clear it’s just talking about SubjectAltName but
> >> it’s the same syntax and sometimes smart implementers do weird things.
> >> (definitely willing to not have this incorporated, but I thought I should at least
> >> bring it up)
> >
> > I would disagree, while I can't think of a good reason for putting in an IssuerAltName, there is no reason why it cannot be put there.
>
> Likewise here, I could see going either way.  If we did preclude it and later somebody came up with a reason to use it we’d have to update to unpreclude it.  That sounds painful so maybe saying nothing is the right thing here.
>
> Indeed that was the notion for not saying something explicitly since it wasn't clear there was a use for smtputf8Name in IssuerAltName.  Could go either way or keep it as is.  Is there a strong preference for it?

I guess I’m leaning towards Alexey’s train of thought that we should explicitly allow it.

> -Wei
>
>
> spt
>
> > Jim
> >
> >>
> >> spt
> >> _______________________________________________
> >> Spasm mailing list
> >> Spasm@ietf.org
> >> https://www.ietf.org/mailman/listinfo/spasm
> >
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>


From nobody Fri Oct 28 07:12:17 2016
Return-Path: <hallam@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7031299C4 for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 07:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level: 
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zIU39hXDylbV for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 07:12:14 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA3F412965F for <SPASM@ietf.org>; Fri, 28 Oct 2016 07:12:08 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id p190so13440800wmp.1 for <SPASM@ietf.org>; Fri, 28 Oct 2016 07:12:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:from:date:message-id:subject:to; bh=u1OYjWsz3s7ASDfR9QLKq3YRLvc/LM79qJroS+RYC/E=; b=FyrjrRkmv++pd2zoKc1ZOYiXbhET0/MBUM5E5eL4na2yUNsbzyNlr6Q5D1ILoRNk50 JxObtgCvfh1uF8nOdPwCDq2GTIklF7RBZkmamI/BKKrh2PF73KZPMeZvzK7gmnT9GdFu iM8EZcXffMSNWWIFtJmu/E3hZQZEk/j+8ox7N73POumfuX/YSUy/fR1U6pbIjb5c9a9g XUQBvHdQxSL8ibHl/eQAUU2bhVGgGSTTVM06w/DuzgyTv2Vx6dlE2rAvAy4XMCw9C1yU s6J4w0M9KukeX46tOQNdrTSNrKLpb00RqTJn904+4kxZXxtMO9zz5xrz9oasWXY9ChWm 5kTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=u1OYjWsz3s7ASDfR9QLKq3YRLvc/LM79qJroS+RYC/E=; b=EA3QJdkJVawA1NqOxPJHmLtvjSa1rM1UIauMQqPidcZzPoe7jQVfTauyXX2bjehxoq JtrjyrWNA4OkbQTETOQxfY71pPlzeVS5i3Q/wDdLT8asCfXNvgrrZBxIhITMj5Pnrmzb z1GibDc9G7CB43tPGxTaU3iugte8N5z/HL/Ys4vT+MB58BWWoDpB7R8rA4EEQ9LTCCVc pZYfPmZAsLS+1IEV3W7jabPtpIgZ/24DId5Yl4xUaX0GZFxo7ngs5NLgkd9sMckEW6OA 5bm9qiBnS/SOv+bJ4EM6TkhGbC0GiTvH6h08ukFnphe9rotk1tutUovdB2yzAvAbtZw4 JWcw==
X-Gm-Message-State: ABUngvdOgK79PeJ1TrmCxL7hfD6K1wJd0Vqj/LaqgUMa8WTLgC9jEqS7g2cXXpahbU2z1mYWPNCAmgqgCu6FFA==
X-Received: by 10.195.13.107 with SMTP id ex11mr11219474wjd.99.1477663927163;  Fri, 28 Oct 2016 07:12:07 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.227.170 with HTTP; Fri, 28 Oct 2016 07:12:06 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 28 Oct 2016 10:12:06 -0400
X-Google-Sender-Auth: THYi2qIf6IFXUbpCYFb07yzO_O0
Message-ID: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com>
To: SPASM <SPASM@ietf.org>
Content-Type: multipart/alternative; boundary=047d7bfcedbe79e30f053fed71bf
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ay52OZTzfFC25rp7dUO-B00BB9k>
Subject: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 14:12:15 -0000

--047d7bfcedbe79e30f053fed71bf
Content-Type: text/plain; charset=UTF-8

Just a heads up for people in this group that there is a working group
starting in CABForum looking at client certificate validation processes.

One point that it might be useful to work on jointly would be ways of
making use of organization level certificates in S/MIME systems. The WebPKI
works well at what it is designed to do. The problem with the WebPKI is
that it is a subset of what people want it to do.


By 2030 I would love to see secure email to have got to the point where
there is something like 'booths in shopping malls' where professionals,
doctors, lawyers, etc. go to get their credentials notarized. But we aren't
close to that yet and we won't ever get there unless we have another way to
get to critical mass.

Making use of EV guidelines or some variant thereof to jumpstart the
process of issue seems like it could be a way to get to deployment of
S/MIME in the public space.


Right now we have a perfect storm as far as end to end email security is
concerned. Snowden has got the tech community worked up on the issue. And
email security is currently the top issue in the US Presidential election.
I think that is a ludicrous situation but whoever wins is very likely to
make fixing email insecurity a priority.

And no, I don't think the opponents of strong crypto are going to stand in
the way this time. In fact I think they will soon be looking for new jobs.
Yes, even the one who thinks he has tenure.

--047d7bfcedbe79e30f053fed71bf--


From nobody Fri Oct 28 10:25:00 2016
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 642BE129565 for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 10:24:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.899
X-Spam-Level: 
X-Spam-Status: No, score=-101.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e9hyh-GwPaGI for <spasm@ietfa.amsl.com>; Fri, 28 Oct 2016 10:24:57 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9654C1295B6 for <SPASM@ietf.org>; Fri, 28 Oct 2016 10:24:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id EE7CB300AB9 for <SPASM@ietf.org>; Fri, 28 Oct 2016 13:24:56 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 32hibWSAAIS5 for <SPASM@ietf.org>; Fri, 28 Oct 2016 13:24:55 -0400 (EDT)
Received: from [192.168.2.100] (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id A6D29300A04; Fri, 28 Oct 2016 13:24:55 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_283F56BE-F98D-46C6-A10E-3E0A86190951"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com>
Date: Fri, 28 Oct 2016 13:24:05 -0400
Message-Id: <5344D01F-99F6-41D3-BB21-0A13335713EE@vigilsec.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/6845cm6nOe-6o4nXddIXDrzMHJg>
Cc: SPASM <SPASM@ietf.org>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 17:24:59 -0000

--Apple-Mail=_283F56BE-F98D-46C6-A10E-3E0A86190951
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Phillip:

This is certainly beyond the current LAMPS charter.  That said, I’m willing to work on things that will make it easier to get S/MIME certificates.  This was one of the goals of the ENROLL WG [see https://datatracker.ietf.org/wg/enroll/charter/], but that did not work out.  Maybe we can get that restarted, perhaps with a more narrow focus.

Russ


On Oct 28, 2016, at 10:12 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:

> Just a heads up for people in this group that there is a working group starting in CABForum looking at client certificate validation processes.
>
> One point that it might be useful to work on jointly would be ways of making use of organization level certificates in S/MIME systems. The WebPKI works well at what it is designed to do. The problem with the WebPKI is that it is a subset of what people want it to do.
>
>
> By 2030 I would love to see secure email to have got to the point where there is something like 'booths in shopping malls' where professionals, doctors, lawyers, etc. go to get their credentials notarized. But we aren't close to that yet and we won't ever get there unless we have another way to get to critical mass.
>
> Making use of EV guidelines or some variant thereof to jumpstart the process of issue seems like it could be a way to get to deployment of S/MIME in the public space.
>
>
> Right now we have a perfect storm as far as end to end email security is concerned. Snowden has got the tech community worked up on the issue. And email security is currently the top issue in the US Presidential election. I think that is a ludicrous situation but whoever wins is very likely to make fixing email insecurity a priority.
>
> And no, I don't think the opponents of strong crypto are going to stand in the way this time. In fact I think they will soon be looking for new jobs. Yes, even the one who thinks he has tenure.


--Apple-Mail=_283F56BE-F98D-46C6-A10E-3E0A86190951--


From nobody Fri Oct 28 14:42:11 2016
To: Russ Housley <housley@vigilsec.com>, Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <5344D01F-99F6-41D3-BB21-0A13335713EE@vigilsec.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <f99f0e3c-cb2f-2d82-1b01-513dc06685c8@cs.tcd.ie>
Date: Fri, 28 Oct 2016 22:42:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <5344D01F-99F6-41D3-BB21-0A13335713EE@vigilsec.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms060703080107010302030306"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/m4lIGdPPDnsFGYMEozMjUOKCL3c>
Cc: SPASM <SPASM@ietf.org>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs

This is a cryptographically signed message in MIME format.

--------------ms060703080107010302030306
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Wearing no hats...

On 28/10/16 18:24, Russ Housley wrote:
> That said, I’m willing to work on things that will make it easier to
> get S/MIME certificates.

I think to be credible, an overall approach to e2e email security
has to address a number of issues - while only some of those are
IETF things, and while we might break down the work into multiple
independent bits, I'd honestly be surprised if any of those parts
was worthwhile, if done all by itself.

IOW, I'd be surprised if there were merit in trying to address
s/mime enrolment when there are so many other killer reasons
why e2e email security currently doesn't get used.

All that said, if there were a credible overall plan then I'd also
be up for helping. But, that'd have to e.g. have some of the
major mail providers involved or supportive, or else have a story
as to why those don't need to be involved at all. I'm not seeing
that so far myself.

S.



--------------ms060703080107010302030306--


From nobody Sat Oct 29 10:22:28 2016
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147776174688.30589.3759161241757522148.idtracker@ietfa.amsl.com>
Date: Sat, 29 Oct 2016 10:22:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pRji1zO-jOXa8zead3kW8TMxiBs>
Cc: spasm@ietf.org
Subject: [Spasm] I-D Action: draft-ietf-lamps-rfc5750-bis-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME of the IETF.

        Title           : Secure/Multipurpose Internet Mail Extensions (S/ MIME) Version 4.0 Certificate Handling
        Authors         : Jim Schaad
                          Blake Ramsdell
                          Sean Turner
	Filename        : draft-ietf-lamps-rfc5750-bis-01.txt
	Pages           : 25
	Date            : 2016-10-29

Abstract:
   This document specifies conventions for X.509 certificate usage by
   Secure/Multipurpose Internet Mail Extensions (S/MIME) v4.0 agents.
   S/MIME provides a method to send and receive secure MIME messages,
   and certificates are an integral part of S/MIME agent processing.
   S/MIME agents validate certificates as described in RFC 5280, the
   Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
   S/MIME agents must meet the certificate processing requirements in
   this document as well as those in RFC 5280.  This document obsoletes
   RFC 3850.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5750-bis/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lamps-rfc5750-bis-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-rfc5750-bis-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sat Oct 29 10:23:06 2016
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147776178501.30602.15276760122594776269.idtracker@ietfa.amsl.com>
Date: Sat, 29 Oct 2016 10:23:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RJjvUybX4yQDRXxGZ8KyxkLyMR8>
Cc: spasm@ietf.org
Subject: [Spasm] I-D Action: draft-ietf-lamps-rfc5751-bis-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME of the IETF.

        Title           : Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification 
        Authors         : Jim Schaad
                          Blake Ramsdell
                          Sean Turner
	Filename        : draft-ietf-lamps-rfc5751-bis-02.txt
	Pages           : 55
	Date            : 2016-10-29

Abstract:
   This document defines Secure/Multipurpose Internet Mail Extensions
   (S/MIME) version 4.0.  S/MIME provides a consistent way to send and
   receive secure MIME data.  Digital signatures provide authentication,
   message integrity, and non-repudiation with proof of origin.
   Encryption provides data confidentiality.  Compression can be used to
   reduce data size.  This document obsoletes RFC 5751.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5751-bis/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lamps-rfc5751-bis-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-rfc5751-bis-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sat Oct 29 10:39:09 2016
From: Jim Schaad <ietf@augustcellars.com>
To: 'SPASM' <spasm@ietf.org>
References: <147776174698.30589.7319194696870404055.idtracker@ietfa.amsl.com>
In-Reply-To: <147776174698.30589.7319194696870404055.idtracker@ietfa.amsl.com>
Date: Sat, 29 Oct 2016 10:38:52 -0700
Message-ID: <027001d2320b$520ba690$f622f3b0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zHBBVrOwxlR1d7Q1yTT30b8Qee4>
Subject: [Spasm] FW: New Version Notification for draft-ietf-lamps-rfc5750-bis-01.txt

I have updated both drafts for S/MIME.

These drafts include:
* Adding text to deal with internationalized email addresses
* Key Management algorithms

Not done:
* Request to add P-384 as a supported curve at some level

I think this means, with the possible exception of the above list, that
everything that is supposed to be in the document is now present.  Please
check this and provide me with a list of things that I am still missing.
I will also go through the mail archive in the next week looking for
things as well.

Jim


> -----Original Message-----
> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> Sent: Saturday, October 29, 2016 10:22 AM
> To: Blake Ramsdell <blaker@gmail.com>; Sean Turner <sean@sn3rd.com>; Jim
> Schaad <ietf@augustcellars.com>
> Subject: New Version Notification for draft-ietf-lamps-rfc5750-bis-01.txt
>
>
> A new version of I-D, draft-ietf-lamps-rfc5750-bis-01.txt
> has been successfully submitted by Jim Schaad and posted to the IETF
> repository.
>
> Name:           draft-ietf-lamps-rfc5750-bis
> Revision:       01
> Title:          Secure/Multipurpose Internet Mail Extensions (S/ MIME) Version 4.0 Certificate Handling
> Document date:  2016-10-29
> Group:          lamps
> Pages:          25
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-lamps-rfc5750-bis-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5750-bis/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-lamps-rfc5750-bis-01
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-rfc5750-bis-01
>
> Abstract:
>    This document specifies conventions for X.509 certificate usage by
>    Secure/Multipurpose Internet Mail Extensions (S/MIME) v4.0 agents.
>    S/MIME provides a method to send and receive secure MIME messages,
>    and certificates are an integral part of S/MIME agent processing.
>    S/MIME agents validate certificates as described in RFC 5280, the
>    Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
>    S/MIME agents must meet the certificate processing requirements in
>    this document as well as those in RFC 5280.  This document obsoletes
>    RFC 3850.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat



From nobody Mon Oct 31 02:53:12 2016
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147790758785.32490.5348370968039259236.idtracker@ietfa.amsl.com>
Date: Mon, 31 Oct 2016 02:53:07 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nVRsVqaq626fXfjRaNOGR3JnmYw>
Cc: spasm@ietf.org
Subject: [Spasm] I-D Action: draft-ietf-lamps-eai-addresses-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME of the IETF.

        Title           : Internationalized Email Addresses in X.509 certificates 
        Authors         : Alexey Melnikov
                          Weihaw Chuang
	Filename        : draft-ietf-lamps-eai-addresses-01.txt
	Pages           : 10
	Date            : 2016-10-30

Abstract:
   This document defines a new name form for inclusion in the otherName
   field of an X.509 Subject Alternative Name extension that allows a
   certificate subject to be associated with an Internationalized Email
   Address.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-eai-addresses/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lamps-eai-addresses-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-eai-addresses-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Oct 31 06:02:47 2016
MIME-Version: 1.0
From: Wei Chuang <weihaw@google.com>
Date: Mon, 31 Oct 2016 06:02:33 -0700
Message-ID: <CAAFsWK1AqtTHqARGun2orBp0Utj2=kpagHvcogsaX-r9qH_UQw@mail.gmail.com>
To: SPASM <spasm@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a113d0a905023c6054028d27c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eCvm-ZNCaurk8Bnp6GGi5SUnBN8>
Subject: [Spasm] Fwd:  I-D Action: draft-ietf-lamps-eai-addresses-01.txt

--001a113d0a905023c6054028d27c
Content-Type: multipart/alternative; boundary=001a113d0a904c3573054028d296

--001a113d0a904c3573054028d296
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This update includes changes for various comments:
From the SPASM list
* Adding language for issuerAltName
* ASN.1 Module (or rather an attempt at it.  The hypothetical IANA numbers
are for example only)
* Disallowing wildcards

I asked my co-worker Laetitia Baudoin to take a look.  She mentions that
Byte Order Marks BOM are problematic in practice (despite being discouraged
in RFC3629), and mentions that an encoding example would be useful.
* Disallowing BOM language added.
The encoding example will have to come later.

-Wei

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Oct 31, 2016 at 2:53 AM
Subject: [Spasm] I-D Action: draft-ietf-lamps-eai-addresses-01.txt
To: i-d-announce@ietf.org
Cc: spasm@ietf.org



A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and
SMIME of the IETF.

        Title           : Internationalized Email Addresses in X.509
certificates
        Authors         : Alexey Melnikov
                          Weihaw Chuang
        Filename        : draft-ietf-lamps-eai-addresses-01.txt
        Pages           : 10
        Date            : 2016-10-30

Abstract:
   This document defines a new name form for inclusion in the otherName
   field of an X.509 Subject Alternative Name extension that allows a
   certificate subject to be associated with an Internationalized Email
   Address.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-eai-addresses/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lamps-eai-addresses-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-eai-addresses-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

--001a113d0a904c3573054028d296--

--001a113d0a905023c6054028d27c--


From nobody Mon Oct 31 06:40:55 2016
X-Gm-Message-State: ABUngvdX0T41d6HcdL4yDQMhsOpVcxjKDWpudtS2wf2RSTQ+9i0S083Pq930ztuHAWzwcO3Qm1hDwjIgs58gLBs+
X-Received: by 10.157.4.84 with SMTP id 78mr14370774otc.205.1477921242142; Mon, 31 Oct 2016 06:40:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.14.226 with HTTP; Mon, 31 Oct 2016 06:40:41 -0700 (PDT)
In-Reply-To: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Mon, 31 Oct 2016 06:40:41 -0700
Message-ID: <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a113f14d2a9c7be0540295a76"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qHQXytu8zJxKmatilyEFWZmsVdI>
Cc: SPASM <SPASM@ietf.org>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 13:40:52 -0000

--001a113f14d2a9c7be0540295a76
Content-Type: multipart/alternative; boundary=001a113f14d2a53bd80540295a69

--001a113f14d2a53bd80540295a69
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[Usual caveat about not speaking on behalf of the employer]

I've also been wondering if EV like guidelines with S/MIME in certain use
cases could help users better understand identity. I think having
additional discussion about enhanced identity would be very helpful and
agree the timing is right. Now just to clarify my understanding, is the
CABForum specifically looking at this as well?

-Wei



On Fri, Oct 28, 2016 at 7:12 AM, Phillip Hallam-Baker <phill@hallambaker.com
> wrote:

> Just a heads up for people in this group that there is a working group
> starting in CABForum looking at client certificate validation processes.
>
> One point that it might be useful to work on jointly would be ways of
> making use of organization level certificates in S/MIME systems. The WebPKI
> works well at what it is designed to do. The problem with the WebPKI is
> that is a subset of people want it to do.
>
>
> By 2030 I would love to see secure email to have got to the point where
> there is something like 'booths in shopping malls' where professionals,
> doctors, lawyers, etc. go to get their credentials notarized. But we aren't
> close to that yet and we won't ever get there unless we have another way to
> get to critical mass.
>
> Making use of EV guidelines or some variant thereof to jumpstart the
> process of issue seems like it could be a way to get to deployment of
> S/MIME in the public space.
>
>
> Right now we have a perfect storm as far as end to end email security is
> concerned. Snowden has got the tech community worked up on the issue. And
> email security is currently the top issue in the US Presidential election.
> I think that is a ludicrous situation but whoever wins is very likely to
> make fixing email insecurity a priority.
>
> And no, I don't think the opponents of strong crypto are going to stand in
> the way this time. In fact I think they will soon be looking for new jobs.
> Yes, even the one who thinks he has tenure.


--001a113f14d2a53bd80540295a69--

--001a113f14d2a9c7be0540295a76
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

--001a113f14d2a9c7be0540295a76--


From nobody Mon Oct 31 07:20:19 2016
Return-Path: <pzbowen@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4554129801 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 07:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SeLSHzjBXMjZ for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 07:20:16 -0700 (PDT)
Received: from mail-yw0-x22e.google.com (mail-yw0-x22e.google.com [IPv6:2607:f8b0:4002:c05::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 369511297C9 for <SPASM@ietf.org>; Mon, 31 Oct 2016 07:20:16 -0700 (PDT)
Received: by mail-yw0-x22e.google.com with SMTP id w3so138352022ywg.1 for <SPASM@ietf.org>; Mon, 31 Oct 2016 07:20:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gPOIDhv81DnARTlkZRoJvG9qwW1Ua5ZHD50DedyRZ84=; b=KTIQyu3vlgGQXpmQHxiwNlltv6LfCGk88ul2TaKHVJk7lfRSjYw1h0EW4Kxsy7QslW vqvW2sMUSVxL3v3sz3KNn80OXdXVHXS2yw+w3SXgaeA9QggRT+vpfvsvxnCAKUjRHcJh i1ETtdciYFk+Yjz5C/r3rxuD9782XegkL/npLiF25Ygemj1BirF+1ku7Be/+TkR9b+hC OZ1geTftkDF/2WlSmuIKVc2hec/jGHZJEMKGRFA6Hvrxi7FjM1o8lAMVMmA+pSigJ55w dAvPD4PQYr7Lu+VVb4il903mypGtIwfCOYFbMVPfC7Mz1PdurHBpcyRcNtnCF3i6NcRS kyCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gPOIDhv81DnARTlkZRoJvG9qwW1Ua5ZHD50DedyRZ84=; b=iGt3tXRJBhs2+YzITWYdz7YuWWCJTLy3CeTJzP8KyeWOUiLO+xU7yvhxKZO3LFpFsP V/4qSVnLzEgHq3B7OPbN5Sgtj3o4M32CZtxcANtMBtHAa3ohWQw16DmVgcGUrU8SLrTU 7tYbVMtvr5rKZKY0JrDX07jzW/DOVesVZGvOLJ/omA8WvfXutuaud6CcUxg9DBhwCFWp ITGOvMljP9MRpVTbv0hzJEmO0Q4F259xVNahrdk1fwwu4wN92LePewk41wIZ1q7O0Ra7 Zb1/uwDptCLtvAVkrSGR/3rt/LIDoXl1NH1d/TyM3HSz6uWaoKAj78PZLWDUhukDf82T +jpw==
X-Gm-Message-State: ABUngvchFQQThfHoImLHtw01LHU3mr+SNYgPNbv7SUhBygCYeXBD7EwhitiBBXaNO2nl6Jkzm8kEPwuVCwjO8Q==
X-Received: by 10.36.93.83 with SMTP id w80mr8734645ita.90.1477923614906; Mon, 31 Oct 2016 07:20:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.39.68 with HTTP; Mon, 31 Oct 2016 07:20:14 -0700 (PDT)
In-Reply-To: <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com>
From: Peter Bowen <pzbowen@gmail.com>
Date: Mon, 31 Oct 2016 07:20:14 -0700
Message-ID: <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com>
To: Wei Chuang <weihaw@google.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FYUbh3PfxR7J_-8Lf6illLKhWVo>
Cc: SPASM <SPASM@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 14:20:18 -0000

The CABForum is in the process of updating its bylaws and IPR
agreement to allow it to expand scope.  One of the things members
have suggested discussing is S/MIME certificates, but a working group
has not yet been started.

It is worth noting that anyone can join CABForum working group
discussions as long as they agree to the IPR agreement.  In CABF
parlance, these are "Interested Parties".  I will make sure there is a
call for participation on this list when the CABF WG is created.

Thanks,
Peter

On Mon, Oct 31, 2016 at 6:40 AM, Wei Chuang <weihaw@google.com> wrote:
> [Usual caveat about not speaking on behalf of the employer]
>
> I've also been wondering if EV like guidelines with S/MIME in certain use
> cases could help users better understand identity. I think having additional
> discussion about enhanced identity would be very helpful and agree the
> timing is right. Now just to clarify my understanding, is the CABForum
> specifically looking at this as well?
>
> -Wei
>
>
>
> On Fri, Oct 28, 2016 at 7:12 AM, Phillip Hallam-Baker
> <phill@hallambaker.com> wrote:
>>
>> Just a heads up for people in this group that there is a working group
>> starting in CABForum looking at client certificate validation processes.
>>
>> One point that it might be useful to work on jointly would be ways of
>> making use of organization level certificates in S/MIME systems. The WebPKI
>> works well at what it is designed to do. The problem with the WebPKI is that
>> is a subset of people want it to do.
>>
>>
>> By 2030 I would love to see secure email to have got to the point where
>> there is something like 'booths in shopping malls' where professionals,
>> doctors, lawyers, etc. go to get their credentials notarized. But we aren't
>> close to that yet and we won't ever get there unless we have another way to
>> get to critical mass.
>>
>> Making use of EV guidelines or some variant thereof to jumpstart the
>> process of issue seems like it could be a way to get to deployment of S/MIME
>> in the public space.
>>
>>
>> Right now we have a perfect storm as far as end to end email security is
>> concerned. Snowden has got the tech community worked up on the issue. And
>> email security is currently the top issue in the US Presidential election. I
>> think that is a ludicrous situation but whoever wins is very likely to make
>> fixing email insecurity a priority.
>>
>> And no, I don't think the opponents of strong crypto are going to stand in
>> the way this time. In fact I think they will soon be looking for new jobs.
>> Yes, even the one who thinks he has tenure.


From nobody Mon Oct 31 07:50:40 2016
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50F271295B8 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 07:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level: 
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qiOGQ4RUAq1Z for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 07:50:36 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id EA3C91295A8 for <SPASM@ietf.org>; Mon, 31 Oct 2016 07:50:35 -0700 (PDT)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 792E3200056; Mon, 31 Oct 2016 14:50:35 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id 608D7200052; Mon, 31 Oct 2016 14:50:35 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1477925435; bh=GVOkegobi9v0kTcPsx5VTOuf29Iat9M5LenndltKP+s=; l=292; h=From:To:CC:Date:References:In-Reply-To:From; b=O42nJPrn0FffLmf/pL9Pb4gsproBL8dtvblrrkskZH7+pBJEcKsaoInkM/KUeCvYc 0MWJIWJLnByQ4e79YkwmFtGwcrOLocLcUzhcSojTOkCy4FrRkzqQW8sUz+jz2Fd3wB xXHfDuL8XsFTmPUGcND6JK2yNhoby+IsOF+J2ta8=
Received: from email.msg.corp.akamai.com (usma1ex-cas2.msg.corp.akamai.com [172.27.123.31]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id 47EA31E08C; Mon, 31 Oct 2016 14:50:35 +0000 (GMT)
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb6.msg.corp.akamai.com (172.27.123.65) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 31 Oct 2016 07:50:34 -0700
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1178.000; Mon, 31 Oct 2016 10:50:34 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Peter Bowen <pzbowen@gmail.com>, Wei Chuang <weihaw@google.com>
Thread-Topic: [Spasm] CAB Forum efforts on S/MIME and client certs
Thread-Index: AQHSMSVL0XPSzyzJEk2VtE1WRV4zYqDC2YGAgAALDQD//8VD4A==
Date: Mon, 31 Oct 2016 14:50:34 +0000
Message-ID: <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com> <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com>
In-Reply-To: <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.42.7]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GDnrNhAkui_-BJU0f3S0zWjGbt8>
Cc: SPASM <SPASM@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 14:50:38 -0000

> It is worth noting that anyone can join CABForum working group discussions
> as long as they agree to the IPR agreement.

Can interested parties vote on the ballots?

-- 
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richsalz@jabber.at Twitter: RichSalz



From nobody Mon Oct 31 08:08:15 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 29AB4129405; Mon, 31 Oct 2016 08:08:09 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147792648906.32501.12580430991660740969.idtracker@ietfa.amsl.com>
Date: Mon, 31 Oct 2016 08:08:09 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZamFr-DznpIuX1k25_rrEN0WOx4>
Cc: spasm@ietf.org
Subject: [Spasm] I-D Action: draft-ietf-lamps-eai-addresses-02.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 15:08:10 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME of the IETF.

        Title           : Internationalized Email Addresses in X.509 certificates
        Authors         : Alexey Melnikov
                          Weihaw Chuang
        Filename        : draft-ietf-lamps-eai-addresses-02.txt
        Pages           : 10
        Date            : 2016-10-31

Abstract:
   This document defines a new name form for inclusion in the otherName
   field of an X.509 Subject Alternative Name extension that allows a
   certificate subject to be associated with an Internationalized Email
   Address.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-eai-addresses/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lamps-eai-addresses-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-eai-addresses-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Oct 31 08:08:37 2016
Return-Path: <pzbowen@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38E91129558 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 08:08:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hjcu0kvA3fkY for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 08:08:35 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D8F4129528 for <SPASM@ietf.org>; Mon, 31 Oct 2016 08:08:29 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id l124so2743000ywb.3 for <SPASM@ietf.org>; Mon, 31 Oct 2016 08:08:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=v8Kb4A0DdH7dPcdFsxZWbZ0WqhGSyAOgSN28jfz5bF0=; b=Rr4Inr4MZyGtHIM+pYCgyTKq8+7fdF10rOrUXqkvBciMX4IZF1c0dfzLOYpjPA68Mj goQc9it/q8ts21aTwPl3J1n9kLieS109EPCYQOl/9TEcz90PMSNbmCwMNTk2zeuA6YKr jdjwBYMMfkvGSiIuvG3Oxmam+2ULBzEHZCzAe2ikTghYsCEAA3gnD2nIib7Z4JpGRpOb Y7P0uJgSm5Eaiwzav2N4Mruf5aWp3IvzW9/F175Dwe+49bjMtRIHdlxVCxbMBu++gGPc YPHPm4BA1UR+H+ixJJlXPqrIHvwh3lbRr/LnX4PJDlfbcnPrcCeq3ebs23jsoMWi7HyP Kf9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=v8Kb4A0DdH7dPcdFsxZWbZ0WqhGSyAOgSN28jfz5bF0=; b=QgoCi5QzAf0oicAyAKNhfl/ENbXAph1gKwziYkqi8060PMN2jB/jtCTTw/2NZMKwOV oB3xes+AieghA6NJhZNB19iB3vqnUVq665Iui9eNUdDdXm2ZXcH28qg5Hmb0WwxZ2g1s hoO2dVjVdAegpo3f/nX8UPKP7d3qUnK119Y/yENfQ+V93kOr7QaEhGLjQNwUysZmm/DY 5pdkOQSnePTowEbceqjSXqNMrfPLamuDu7lOKQms4FIPW5as9jlD9Maqu00AIVPnjw7E PokSx4dC+J/2zjajO20QeOfBCCGjZX+CC26mhPykXCtPtdmI6GcjzVyd5Mi1isbQRhLa KpXg==
X-Gm-Message-State: ABUngvdZIosgOXMYwtc07TnlN8Ya1jeIBcD5CmKinrcjxBYj74HcbuTA6xbAndPnDampunhQ4OxWSI3WewJ4aA==
X-Received: by 10.36.22.67 with SMTP id a64mr7890241ita.58.1477926507740; Mon, 31 Oct 2016 08:08:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.39.68 with HTTP; Mon, 31 Oct 2016 08:08:26 -0700 (PDT)
In-Reply-To: <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com> <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com> <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Peter Bowen <pzbowen@gmail.com>
Date: Mon, 31 Oct 2016 08:08:26 -0700
Message-ID: <CAK6vND-8ZDcyB4Wi+XgN1t866Uo8c+gucSHXw9k3J2xYL5vo7A@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5vAvO2a0Yl6afGFozqNlVoh0HZI>
Cc: Wei Chuang <weihaw@google.com>, SPASM <SPASM@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 15:08:37 -0000

On Mon, Oct 31, 2016 at 7:50 AM, Salz, Rich <rsalz@akamai.com> wrote:
>> It is worth noting that anyone can join CABForum working group discussions
>> as long as they agree to the IPR agreement.
>
> Can interested parties vote on the ballots?

In the new model, each working group will have its own voting rules.
However, as it is currently, we expect that:
1) the general object is to achieve consensus and make voting more of
a formality and
2) any guidelines published by a CABForum working group (like those
published by the Forum itself today) are not binding.  They simply
provide a common set of rules that trust anchor list maintainers may
adopt in full or in part as conditions for entry into and retention in
the trust anchor list.

Thanks,
Peter


From nobody Mon Oct 31 08:10:47 2016
Return-Path: <weihaw@google.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A5FE128B37 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 08:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.937
X-Spam-Level: 
X-Spam-Status: No, score=-3.937 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MV8zJpAlv49D for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 08:10:44 -0700 (PDT)
Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 477CB129466 for <spasm@ietf.org>; Mon, 31 Oct 2016 08:10:44 -0700 (PDT)
Received: by mail-oi0-x22e.google.com with SMTP id 128so36293157oih.0 for <spasm@ietf.org>; Mon, 31 Oct 2016 08:10:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=vXglPANo4W+Yk7HkCP5VEZrult1Quxx+zEDAe8B85FE=; b=Ym7wZ51FJlzmczVh5aZQIOLnu1fX2iLWZRNeasRemhOWW/h4Ocb38qyDlew1hKGnjm urafV4/2mWDUhuMu7w7eWDCU1LfuaVZMm3MpTOjwyOa+5U2U8lf5XHETUSNAcuHFfQ9g I0OJOV6PAaDPF6FMhO+m3DwDU7LHHtiP6v0vNs/mWH7faFZ4bRaTF5mwm/swtKWBhldn uEa78RuDC2xOaTikVNn5GWZUTlJD+5FGVENa3Qw/jwBqcu3qltQwUw7W25Gjl3CTPbhH 1HWaomZ5jihBsHWLg53gJUo051ytn3ld1t5EUx/aOjtjnfmW787kjtYcuHUTfkfEBJTW 1crA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=vXglPANo4W+Yk7HkCP5VEZrult1Quxx+zEDAe8B85FE=; b=ffDY/7wVuWJ6TrqXSptEVFunnOm96XtHK4CV2Q1kteHbhnare5WI5K54lLswygHHQ5 E8TMavx+40idxjQxz2aXi6cAHOZfmXPvy6a0KJr6VVJZu1bCdCyZVjkRpn8BVBgNdalr RWIovKWoE6HhRaIl0TiYJnfnmfgP7Nhy2QkC9ECfdAnaEq+GC0MGohd4BDKQ6QuAuzc2 Ayrg6y/t1eSdeQ9zoO+jMoVLrEPosbi4O+WViK2XzbYx59blrJXeZctbaRQqvHFVkhyq hDC3bKb+rn505/blGPMLrMnr8yhLjE6Dp7mLW0heba0li3WP1awYRkWTLnGjGDK/9YXM aKpQ==
X-Gm-Message-State: ABUngvdXMNSrwJmW1VW3mbVMkJqQ9ymgl0LtvRBH9fr/oa1NIg1yDV/35TQpdbggt2Pfp1P+MfgDpwqvnWNqPN0X
X-Received: by 10.202.61.2 with SMTP id k2mr15709296oia.44.1477926643274; Mon, 31 Oct 2016 08:10:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.14.226 with HTTP; Mon, 31 Oct 2016 08:10:42 -0700 (PDT)
In-Reply-To: <CAAFsWK1AqtTHqARGun2orBp0Utj2=kpagHvcogsaX-r9qH_UQw@mail.gmail.com>
References: <CAAFsWK1AqtTHqARGun2orBp0Utj2=kpagHvcogsaX-r9qH_UQw@mail.gmail.com>
From: Wei Chuang <weihaw@google.com>
Date: Mon, 31 Oct 2016 08:10:42 -0700
Message-ID: <CAAFsWK1k6WKfGtQ14+UJ9k9x1DiiMynOONWtJJfoVjvt0XvSrg@mail.gmail.com>
To: SPASM <spasm@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="001a113cd6a6986dc805402a9c7d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/w3SuFhoYTOA0CfafEyvPt1iWcxc>
Subject: Re: [Spasm] I-D Action: draft-ietf-lamps-eai-addresses-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 15:10:46 -0000

--001a113cd6a6986dc805402a9c7d
Content-Type: multipart/alternative; boundary=001a113cd6a69415eb05402a9c3c

--001a113cd6a69415eb05402a9c3c
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

And the document has been updated to 02 to change the example IANA numbers
to TBD.

-Wei

On Mon, Oct 31, 2016 at 6:02 AM, Wei Chuang <weihaw@google.com> wrote:

> This update includes changes for various comments:
> From the SPASM list
> * Adding language for issuerAltName
> * ASN.1 Module (or rather an attempt at it.  The hypothetical IANA numbers
> are for example only)
> * Disallowing wildcards
>
> I asked my co-worker Laetitia Baudoin to take a look.  She mentions that
> Byte Order Marks BOM are problematic in practice (despite being discouraged
> in RFC3629), and mentions that an encoding example would be useful.
> * Disallowing BOM language added.
> The encoding example will have to come later.
>
> -Wei
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Mon, Oct 31, 2016 at 2:53 AM
> Subject: [Spasm] I-D Action: draft-ietf-lamps-eai-addresses-01.txt
> To: i-d-announce@ietf.org
> Cc: spasm@ietf.org
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX
> and SMIME of the IETF.
>
>         Title           : Internationalized Email Addresses in X.509
> certificates
>         Authors         : Alexey Melnikov
>                           Weihaw Chuang
>         Filename        : draft-ietf-lamps-eai-addresses-01.txt
>         Pages           : 10
>         Date            : 2016-10-30
>
> Abstract:
>    This document defines a new name form for inclusion in the otherName
>    field of an X.509 Subject Alternative Name extension that allows a
>    certificate subject to be associated with an Internationalized Email
>    Address.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-eai-addresses/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-lamps-eai-addresses-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-eai-addresses-01
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/

--001a113cd6a69415eb05402a9c3c--

--001a113cd6a6986dc805402a9c7d--
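
Added example, not part of the thread or of the draft: a Python sketch of why a UTF-8 byte order mark in a certificate's mailbox value is a problem in practice, and what refusing it looks like. The function names and the sample address are hypothetical and constructed for illustration; the check assumes the value is the raw content octets of the UTF8String.

```python
import codecs

UTF8_BOM = codecs.BOM_UTF8  # b"\xef\xbb\xbf"


class MailboxError(ValueError):
    """Raised when a mailbox value must not be accepted from a certificate."""


def strict_mailbox(raw: bytes) -> str:
    """Decode UTF8String content octets, refusing a BOM or malformed UTF-8."""
    if raw.startswith(UTF8_BOM):
        raise MailboxError("value starts with a UTF-8 byte order mark")
    try:
        # Strict decoding: overlong forms, surrogates and truncation all fail.
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise MailboxError("malformed UTF-8: " + exc.reason) from exc
    # Simplifying assumption: split on the last "@" and require both sides.
    local, at, domain = text.rpartition("@")
    if not (local and at and domain):
        raise MailboxError("expected local-part@domain")
    return text


def lenient_mailbox(raw: bytes) -> str:
    """BOM-tolerant decode, as many text readers do; the mark vanishes silently."""
    return raw.decode("utf-8-sig", errors="replace")


def compare(cert_value: bytes, presented: bytes) -> dict:
    """Report how the same pair of values fares under each handling."""
    result = {
        "bytes_equal": cert_value == presented,
        "lenient_equal": lenient_mailbox(cert_value) == lenient_mailbox(presented),
    }
    try:
        result["strict_equal"] = (
            strict_mailbox(cert_value) == strict_mailbox(presented)
        )
        result["rejected"] = None
    except MailboxError as exc:
        result["strict_equal"] = False
        result["rejected"] = str(exc)
    return result


# Constructed sample values (not taken from the draft or the thread).
PLAIN = "иван@example.com".encode("utf-8")
WITH_BOM = UTF8_BOM + PLAIN

if __name__ == "__main__":
    for label, value in (("plain", PLAIN), ("with BOM", WITH_BOM)):
        print(label, compare(value, PLAIN))
```

The BOM-prefixed value compares equal to the plain one after a lenient decode but differs byte for byte, so a tool that displays the name and a tool that matches it can disagree about the same certificate; the strict path rejects the value instead.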


From nobody Mon Oct 31 09:41:25 2016
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59DC012966E for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 09:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.198
X-Spam-Level: 
X-Spam-Status: No, score=-4.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3nAnRokld-R for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 09:41:22 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id 4514B1298BD for <SPASM@ietf.org>; Mon, 31 Oct 2016 09:41:18 -0700 (PDT)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 903C2433413; Mon, 31 Oct 2016 16:41:17 +0000 (GMT)
Received: from prod-mail-relay11.akamai.com (prod-mail-relay11.akamai.com [172.27.118.250]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id 71CE5433406; Mon, 31 Oct 2016 16:41:17 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1477932077; bh=DMVODB5yEDm2RIbyYWneAJpN4zTfegodc9DjGQJsYjI=; l=798; h=From:To:CC:Date:References:In-Reply-To:From; b=G4SH8p2Kwkeh8Qfrk4M6AhGtKmwvbzrIMde8m19P8+hCtFpN2Z1jU7soBftuyVmQT Pxkq3HSC7wVvFDUte+6rdUY1+ricd2naRRpAadjgXpfiDRuxXdXGhgQse2Fnfayf1h RX6qNSoBzLIG6yAg11CJOmhXPyf2D6HZAIHn89Gw=
Received: from email.msg.corp.akamai.com (ecp.msg.corp.akamai.com [172.27.123.33]) by prod-mail-relay11.akamai.com (Postfix) with ESMTP id 6E2C01FC8B; Mon, 31 Oct 2016 16:41:17 +0000 (GMT)
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 31 Oct 2016 12:41:16 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1178.000; Mon, 31 Oct 2016 12:41:16 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Peter Bowen <pzbowen@gmail.com>
Thread-Topic: [Spasm] CAB Forum efforts on S/MIME and client certs
Thread-Index: AQHSMSVL0XPSzyzJEk2VtE1WRV4zYqDC2YGAgAALDQD//8VD4IAASDQA///Wg3A=
Date: Mon, 31 Oct 2016 16:41:16 +0000
Message-ID: <9a6eca55f2614d3d9436755160f25406@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com> <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com> <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com> <CAK6vND-8ZDcyB4Wi+XgN1t866Uo8c+gucSHXw9k3J2xYL5vo7A@mail.gmail.com>
In-Reply-To: <CAK6vND-8ZDcyB4Wi+XgN1t866Uo8c+gucSHXw9k3J2xYL5vo7A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.40.209]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XF83XyA71z-IA9zkEJJ9yvL2-QE>
Cc: Wei Chuang <weihaw@google.com>, SPASM <SPASM@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 16:41:24 -0000


From nobody Mon Oct 31 10:37:44 2016
Return-Path: <pzbowen@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 248C7129965 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 10:37:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82utRz9F7AxK for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 10:37:41 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BC3912996D for <SPASM@ietf.org>; Mon, 31 Oct 2016 10:37:41 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id f97so64699553ybi.1 for <SPASM@ietf.org>; Mon, 31 Oct 2016 10:37:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=K7zng6x8/gJVWj7VET/NeCo15rYtHFOmR6sm0IbgOJ0=; b=vcc/OeWNOHjJgey0yFcjhsWzDEdzUqiGLxhLr/2V35zUS1Qd1q2baN5c/7lbCsFewn N9AHb2uq/y3jncTc0l8gDhQMH7C+HelDlv3OseBxeR1qFln89nxEtjPLPZTNFqxYlOro EVWXyqd+8UIcrmSToVyD0OD3apLjMJtRMtQJugnJlSIXMFgOVKczxWQdygAbA1KGaSaF kk+iGDG2jkdLtBKDy+PyK/h6no9YjxGQn+8+5+ss7H0xosGzLFteTmdLfyYasNkXJRSd WZivXG+dVYELTDwnGocsPWSzV7vUqrRNmmmdxxVvAffLOeyUCrNsxg1loN9rR6TwZyNs hBxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=K7zng6x8/gJVWj7VET/NeCo15rYtHFOmR6sm0IbgOJ0=; b=GWv80osbBxms4EcCp5FPG0/r3vUesJgPcXvoDYzJwKXsRdtjbHJ1UzehkignfMhzn2 H1q56cEpBvld5DvT3w+cvdQnL/9EZIv//7nRokEb8QuIJ0sxWEym4Y5NfWQZp6rEE9A8 cy9XQIdIt8msIHvBzA9eq8OVteY+zzkb7zfxIjd76BN4r+wenp+Pph0yAaPxABcV5TLe GOZQ9DOkSk1WNwwAYgDSRlgZlYx2/PO86JU/adQ7YgfrAOAOBuoksQ5SL3RhMiic/JvV BICPRZUJWCi6c3upmJuYgH5Q5/OqTczsXuBidtkday6ixZyc9ILujzN+wGvW2nop0Xal 9eFw==
X-Gm-Message-State: ABUngvd3zXUjnPEgmeM9VbgadoY7DUuzsl6RFQSoFSLwZbstdRpS0zMrPNJql9gWExZkXtqkDF+VoFipRL6BqQ==
X-Received: by 10.36.238.131 with SMTP id b125mr8457478iti.4.1477935460301; Mon, 31 Oct 2016 10:37:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.39.68 with HTTP; Mon, 31 Oct 2016 10:37:39 -0700 (PDT)
In-Reply-To: <9a6eca55f2614d3d9436755160f25406@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com> <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com> <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com> <CAK6vND-8ZDcyB4Wi+XgN1t866Uo8c+gucSHXw9k3J2xYL5vo7A@mail.gmail.com> <9a6eca55f2614d3d9436755160f25406@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Peter Bowen <pzbowen@gmail.com>
Date: Mon, 31 Oct 2016 10:37:39 -0700
Message-ID: <CAK6vND8S7+4L9o2u_zd+xUYXXgyKkBQj+-_rEv9N28HTFEpJeg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/h6WBBXumCNIgUskJSo1mjzMKOfM>
Cc: Wei Chuang <weihaw@google.com>, SPASM <SPASM@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 17:37:43 -0000

On Mon, Oct 31, 2016 at 9:41 AM, Salz, Rich <rsalz@akamai.com> wrote:
>> 2) any guidelines published by a CABForum working group (like those
>> published by the Forum itself today) are not binding.  They simply provide a
>> common set of rules that trust anchor list maintainers may adopt in full or in
>> part as conditions for entry into and retention in the trust anchor list.
>
> They're not?  Hmm, okay.  So CA/B had no involvement in SHA1?

Microsoft set the SHA-1 policy in November 2013
(https://blogs.technet.microsoft.com/srd/2013/11/12/security-advisory-2880823-recommendation-to-discontinue-use-of-sha-1/,
http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/).

Google announced they would make updates in early 2014 and followed it
up in August 2014 with an Intent to Deprecate
(https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2-R4XziFc7A/YO0ZSrX_X4wJ).

Mozilla published their update on SHA-1 in September 2014
(https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/).

The CA/Browser Forum didn't ballot anything about SHA-1 until October
2014 (https://cabforum.org/2014/10/16/ballot-118-sha-1-sunset/).

So I would say that SHA-1 is a perfect example of ballots being a
formalization of consensus (or maybe acceptance of the inevitable),
not where the CA/Browser Forum is making decisions.

Thanks,
Peter


From nobody Mon Oct 31 14:37:28 2016
Return-Path: <hallam@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6283A129979 for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 14:37:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level: 
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pEcSnQNzU-Wm for <spasm@ietfa.amsl.com>; Mon, 31 Oct 2016 14:37:25 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 293B8129A97 for <SPASM@ietf.org>; Mon, 31 Oct 2016 14:37:25 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id 79so33525026wmy.0 for <SPASM@ietf.org>; Mon, 31 Oct 2016 14:37:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=tff6lhn4hd/cMVrGTHbeTXKPYArTEu4DFFjPRtWcR50=; b=fliwduimRDF0hVtT67tyzqC2E5Gz8vbbf2GYTeRX4HB5JCXbFIJo8ywc19ECxarzuY +t9PYOaBgI8y51Ew7n1l7o1iXrQPeXI2VjhulxZhT0eEduu66gIkPQTsr3X9xA30AU1d wAZuiSmNoRQ1k02fi3cUt3CvoOBikB7vdkBQvCAyLLZfreLoKdKLKV+pnLyMEkiDike/ sIre5YAZRNRLR9+juaNjhIAbdfuMUs2kFwKoncEdeiLoiy9a8BSQjzDPMn3vjrEKzC8C UlIiC6zH2UQ9VcpUZnj76KaCOQOMGlQjlnyfpcx8vyDiV8r6lrB3XzxDypXcG2zBdqGi S8/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=tff6lhn4hd/cMVrGTHbeTXKPYArTEu4DFFjPRtWcR50=; b=SScNO8GEf/dQHogCaOTdVbpp5Od3Yd7Kshhd0gLO+X2oQ5xuN+Oe8o++wvna7Xo9HT SSSIpk49ozp63pw5Uc5SEPXfef9fCUvsO7yymTvTZ5xjQFDIsTou/sUDFgYPJA6fQeFN aFJKxkUhuLbVWwgWrmw4E1kTH0rivUC4bVyiwe1puOWHbA0bAMJ4KIOgsIId3IKKPcD8 zJkvUH8Sjgxlf60wkkpVcqa0E9N0dfZ2sq8gzWxIFW8mwfObLl/pgI7nRVl/WPwwrLxU IThwLgBMYTOr5kRI05L0AmMZ4UK77Bx41RPJqn2csI/WHAIMe4Jfmtr1KoINC9ovvDOF jBxg==
X-Gm-Message-State: ABUngvcRxnaF0ydFbAPdNpMnSgQxHvsIE0aUm++bL3ixukAgfRloa9Hb0yaOO7aM/ikda/CnsIhljv3J0zvumA==
X-Received: by 10.28.167.14 with SMTP id q14mr12038852wme.21.1477949843722; Mon, 31 Oct 2016 14:37:23 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.227.170 with HTTP; Mon, 31 Oct 2016 14:37:22 -0700 (PDT)
In-Reply-To: <9a6eca55f2614d3d9436755160f25406@usma1ex-dag1mb1.msg.corp.akamai.com>
References: <CAMm+LwjdyXDVGbnQZ8Y+OTffpQdnZ3Y-jnzh-_b=Vihg+L-Bzg@mail.gmail.com> <CAAFsWK3kk3kM141oe6qPb2geUUZSeEPCc6vK3brHo8mKQkch=g@mail.gmail.com> <CAK6vND_4ggjG-pJWJy-S5Pf18BQgGac6rNtKNFya2kzNrnoPcQ@mail.gmail.com> <d177edca52184e5182d50c9ee663d3e8@usma1ex-dag1mb1.msg.corp.akamai.com> <CAK6vND-8ZDcyB4Wi+XgN1t866Uo8c+gucSHXw9k3J2xYL5vo7A@mail.gmail.com> <9a6eca55f2614d3d9436755160f25406@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 31 Oct 2016 17:37:22 -0400
X-Google-Sender-Auth: Ajq4asEbhlRDz8i-qyBldqlZrC8
Message-ID: <CAMm+Lwg1Yxxi0RY_Czgv4bj9v3yd24bD2zbKvZTHm9t59U+q2Q@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: multipart/alternative; boundary=001a114b40ac6e556a0540300372
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FuyUt8LROjJWmpovZPoO4cVSp48>
Cc: Wei Chuang <weihaw@google.com>, SPASM <SPASM@ietf.org>, Peter Bowen <pzbowen@gmail.com>
Subject: Re: [Spasm] CAB Forum efforts on S/MIME and client certs
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 21:37:27 -0000

--001a114b40ac6e556a0540300372
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Mon, Oct 31, 2016 at 12:41 PM, Salz, Rich <rsalz@akamai.com> wrote:

> > 2) any guidelines published by a CABForum working group (like those
> > published by the Forum itself today) are not binding.  They simply provide a
> > common set of rules that trust anchor list maintainers may adopt in full or in
> > part as conditions for entry into and retention in the trust anchor list.
>
> They're not?  Hmm, okay.  So CA/B had no involvement in SHA1?  Interesting.
>
> At any rate, glad to see it's opening up more.  Come to the IETF, folks.


CA/Forum did not make the decision to kill SHA-1. However it did several
important things

1) It established a date when every CA would stop issue across the industry

2) Provided a reference point for the change being certain

3) Provided a forum in which to discuss necessary exceptions

If IETF had proposed a sunset date with a 5 year due date it might have
stuck but it probably wouldn't have. The problem with SHA-1 was that no CA
could afford to stop issue unless they were sure that the browsers really
were going to shut the certs down and vice versa.

It is a different set of concerns to the ones that IETF discusses and not a
set of concerns that lends itself to consensus. These are practical issues
where the people making the decisions are the people with skin in the game.


--001a114b40ac6e556a0540300372--


From nobody Mon Oct 31 21:22:58 2016
Return-Path: <dev+ietf@seantek.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 465D0129494; Mon, 31 Oct 2016 21:22:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DRPGi0FEoaGC; Mon, 31 Oct 2016 21:22:51 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51F491294A9; Mon, 31 Oct 2016 21:22:51 -0700 (PDT)
Received: from [192.168.123.7] (unknown [76.90.60.238]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 3866D22E255; Tue,  1 Nov 2016 00:22:45 -0400 (EDT)
References: <147794015424.23173.4304361037067280443.idtracker@ietfa.amsl.com>
To: "pkix@ietf.org" <pkix@ietf.org>, spasm@ietf.org
From: Sean Leonard <dev+ietf@seantek.com>
X-Forwarded-Message-Id: <147794015424.23173.4304361037067280443.idtracker@ietfa.amsl.com>
Message-ID: <5108f5d1-adb0-e86f-0bf4-6815cc6e6a45@seantek.com>
Date: Mon, 31 Oct 2016 21:23:00 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <147794015424.23173.4304361037067280443.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/UYwIc7_qddnk92l41Gt3Eba20M0>
Subject: [Spasm] New Version Notification for draft-seantek-certspec-10.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 04:22:53 -0000

A new version of certspec (draft-10) has been posted.

This version removes some proposals that do not appear to be as useful 
as originally intended (subjectexp: and holderexp:); it also removes 
paragraphs about URNs and URIs that are no longer relevant since 
certspecs are neither URNs nor URIs. There are also various editorial fixes.

Regards,

Sean

-------- Forwarded Message --------
Subject: New Version Notification for draft-seantek-certspec-10.txt
Date: Mon, 31 Oct 2016 11:55:54 -0700
From: internet-drafts@ietf.org



A new version of I-D, draft-seantek-certspec-10.txt
has been successfully submitted by Sean Leonard and posted to the
IETF repository.

Name:           draft-seantek-certspec
Revision:       10
Title:          Textual Specification for Certificates and Attributes
Document date:  2016-10-30
Group:          Individual Submission
Pages:          35
URL:            https://www.ietf.org/internet-drafts/draft-seantek-certspec-10.txt
Status:         https://datatracker.ietf.org/doc/draft-seantek-certspec/
Htmlized:       https://tools.ietf.org/html/draft-seantek-certspec-10
Diff:           https://www.ietf.org/rfcdiff?url2=draft-seantek-certspec-10

Abstract:
    Digital certificates are used in many systems and protocols to
    identify and authenticate parties.  This document describes a string
    format that identifies certificates, along with optional attributes.
    This string format has been engineered to work without re-encoding in
    a variety of protocol slots.
	

