
From nobody Fri Feb  2 16:39:46 2018
MIME-Version: 1.0
In-Reply-To: <878C91A0-6875-47A4-872F-F5D1F7F7AE7E@trustwave.com>
References: <878C91A0-6875-47A4-872F-F5D1F7F7AE7E@trustwave.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Fri, 2 Feb 2018 19:39:41 -0500
Message-ID: <CAErg=HFibyNDfzo5RC7D06dhzw_Y7KLmsgpden7rHxnx2tEcag@mail.gmail.com>
To: Corey Bonnell <CBonnell@trustwave.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="001a113f64e689dcb8056444103e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eeNLRN0QNoMFGSoKCcZm539j_bA>
Subject: Re: [lamps] Ambiguities in RFC 6844 regarding CAA resource record sets with no "issue" property tags
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Feb 2018 00:39:45 -0000

--001a113f64e689dcb8056444103e
Content-Type: text/plain; charset="UTF-8"

On Fri, Jan 12, 2018 at 4:41 PM, Corey Bonnell <CBonnell@trustwave.com>
wrote:

> Hello,
>
> I believe that there are several ambiguities in RFC 6844 in regard to
> processing CAA resource record sets that do not contain "issue" records.
>
>
>
> Section 3 of RFC 6844 (http://www.rfcreader.com/#rfc6844_line196) defines
> the "issue" property tag to authorize "the holder of the domain name
> <Issuer Domain Name> or a party acting under the explicit authority of the
> holder of that domain name to issue certificates for the domain in which
> the property is published". Based on my interpretation, the definition
> given here is suggesting that CAA issue restriction processing is done
> regardless of whether or not there is an "issue" record(s) present to
> specify the set of permitted Issuer Domain Names. In other words, the lack
> of "issue" records in a CAA resource record set indicates that no CA may
> issue for that domain, since no CA has been authorized to issue.
>
>
>
> However, section 5.2 (http://www.rfcreader.com/#rfc6844_line447) defines
> the "issue" property tag to "request that certificate issuers perform CAA
> issue restriction processing for the domain and to grant authorization to
> specific certificate issuers". Based on this definition, it sounds as if
> CAA issue restriction processing is "opt-in". In other words, the absence
> of "issue" records in a CAA record set indicates that any CA may issue for
> that domain (since there was no "opt-in" into CAA restriction processing).
>
>
>
> Section 4 (http://www.rfcreader.com/#rfc6844_line288) states that,
> "before issuing a certificate, a compliant CA MUST check for publication of
> a relevant CAA Resource Record set." Unfortunately, the term "relevant" is
> not defined by the RFC, which, compounded with the ambiguity highlighted
> above in regard to the definition of the "issue" property tag in sections 3
> and 5.2, leads to ambiguity in the handling of the following scenarios:
>
>
>
> - A CAA resource record set consisting solely of unknown non-critical
> property tags (including misspellings of "issue", such as "iisue", etc.)
>
> - A CAA resource record set consisting solely of "iodef" property tags
>
> - A CAA resource record set that contains both of the above
>
>
>
> For each of these cases above, it is unclear which of the following three
> actions a CA should take:
>
> - Fail issuance (since the CAA resource record set did not authorize any
> CA to issue, given the definition of the "issue" property tag in Section 3)
>
> - Continue the tree-climbing search for records (since the resource record
> sets above could conceivably be considered as "not relevant")
>
> - Allow issuance (since the resource record sets above could conceivably
> be considered as "relevant" and any CA may issue, given the definition of
> the "issue" property tag in section 5.2)
>
>
>
> At Trustwave, we have taken the conservative approach and will not issue
> certificates if we encounter CAA resource record sets matching the
> descriptions of the three above. However, given that we may be overly
> restrictive by doing this, as well as for a desire for CAA record sets to
> be processed uniformly regardless of the CA, we would like to see these
> ambiguities resolved.
>
>
>
> If others agree that the current wording of the RFC is ambiguous, I would
> be happy to present changes to relevant sections to clear up the ambiguity,
> but for now I wanted to send this along to see if others share our
> interpretation of the RFC.
>
>
>
It's not clear to me that "relevant" is not defined by the RFC, given the
following:
  "Given a request for a specific domain X, or a request for a wildcard
   domain *.X, the relevant record set R(X) is determined as follows:"
combined with
  "Let CAA(X) be the record set returned in response to performing a CAA
   record query on the label X,"

The natural consequence of this is a hierarchy such that
subdomain1.subdomain2.example.com.  IN  CAA  0 iodef "mailto:subdomainadmin@example.com"
subdomain2.example.com.             IN  CAA  0 issuewild ";"
example.com.                        IN  CAA  0 issue "ca.example.com"

Means that subdomain1.subdomain2.example.com. is unrestricted by issuance
(i.e. the parent's restrictions do not apply) because the relevant record
set does not contain an issue field.

Similarly, subdomain2.example.com is prohibited from wildcards, but
otherwise, any CA can issue (e.g. example.com's restrictions do not apply)

However, example.com, and all subdomains *other than*
subdomain1.subdomain2.example.com, subdomain2.example.com, and
*.subdomain2.example.com are otherwise restricted

--001a113f64e689dcb8056444103e--
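
The hierarchy in the message above, evaluated under each of the three readings listed in the quoted question ("allow", "fail", "climb"). This is an added example, not code from the thread or from RFC 6844; it goes beyond the single reading the reply describes so the three outcomes can be compared. The names decide, compare_readings and ZONE and the CA name other-ca.example are constructed, and the CNAME/DNAME alias step of section 4 is left out.

```python
"""CAA issuance check for the zone in the message above, under the three
readings of a record set that carries no applicable "issue" property."""

# Constructed zone: owner name -> [(flags, tag, value)], taken from the
# three records in the message above.
ZONE = {
    "subdomain1.subdomain2.example.com": [
        (0, "iodef", "mailto:subdomainadmin@example.com")],
    "subdomain2.example.com": [(0, "issuewild", ";")],
    "example.com": [(0, "issue", "ca.example.com")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # issuer-critical flag, value 128 (RFC 6844 section 5.1)
READINGS = ("allow", "fail", "climb")  # labels chosen for this example


def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; '' for a bare ';'."""
    return value.split(";", 1)[0].strip().lower()


def applicable(rrset, wildcard):
    """Values that govern this request. For a wildcard request issuewild
    takes precedence over issue when any issuewild is present."""
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    return issuewild if (wildcard and issuewild) else issue


def decide(name, ca, zone=ZONE, reading="allow"):
    """Return True if `ca` may issue for `name`.

    reading selects how a non-empty record set with no applicable
    issue/issuewild property is treated:
      "allow" - the set is relevant and places no restriction
      "fail"  - the set is relevant and authorizes nobody
      "climb" - the set is not relevant; keep climbing to the parent
    """
    if reading not in READINGS:
        raise ValueError("unknown reading: %r" % reading)
    name = name.rstrip(".").lower()
    wildcard = name.startswith("*.")
    labels = (name[2:] if wildcard else name).split(".")
    # Tree climbing: X, then P(X), ... up to and including the TLD.
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if not rrset:
            continue
        # An unknown property with the critical flag set blocks issuance.
        if any(flags & CRITICAL and tag.lower() not in KNOWN_TAGS
               for flags, tag, _ in rrset):
            return False
        props = applicable(rrset, wildcard)
        if props:
            return any(issuer_domain(v) == ca.lower() for v in props)
        if reading == "fail":
            return False
        if reading == "allow":
            return True
        # reading == "climb": fall through to the parent label
    return True  # no relevant record set anywhere: unrestricted


def compare_readings(name, ca, zone=ZONE):
    """Outcome of decide() under each of the three readings."""
    return {r: decide(name, ca, zone, r) for r in READINGS}


if __name__ == "__main__":
    for host in ("subdomain1.subdomain2.example.com",
                 "subdomain2.example.com",
                 "*.subdomain2.example.com",
                 "www.example.com"):
        for ca in ("ca.example.com", "other-ca.example"):
            print(host, ca, compare_readings(host, ca))
```

Only names whose nearest non-empty record set lacks an applicable issue or issuewild property give different answers across the three readings; the wildcard and www.example.com cases come out the same under all of them.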


From nobody Fri Feb  2 16:55:33 2018
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>, Corey Bonnell <CBonnell@trustwave.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Date: Sat, 3 Feb 2018 00:55:22 +0000
Message-ID: <MWHPR14MB1376EA5AE22B99B956BB6B5683F80@MWHPR14MB1376.namprd14.prod.outlook.com>
References: <878C91A0-6875-47A4-872F-F5D1F7F7AE7E@trustwave.com> <CAErg=HFibyNDfzo5RC7D06dhzw_Y7KLmsgpden7rHxnx2tEcag@mail.gmail.com>
In-Reply-To: <CAErg=HFibyNDfzo5RC7D06dhzw_Y7KLmsgpden7rHxnx2tEcag@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_020B_01D39C4E.FB8ED3A0"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dRhuagkI8X9Y3hrXUGqCDFnoGPY>
Subject: Re: [lamps] Ambiguities in RFC 6844 regarding CAA resource record sets with no "issue" property tags

------=_NextPart_000_020B_01D39C4E.FB8ED3A0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_020C_01D39C4E.FB8ED3A0"


------=_NextPart_001_020C_01D39C4E.FB8ED3A0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 8bit

> It's not clear to me that "relevant" is not defined by the RFC, given
> the following:

I agree, and in my response I made it clear that “relevant” clearly
indicates the record set retrieved via the described algorithm.  The
wording isn’t the best, but I think that part is clear.

> Means that subdomain1.subdomain2.example.com. is unrestricted by
> issuance (i.e. the parent's restrictions do not apply) because the
> relevant record set does not contain an issue field.

Unfortunately, I do not believe this is clear, despite it being clear
that this was the intent.  There’s explicit text that says that if no
record set is returned issuance is allowed.

There is also text that states that if an issue record includes the CA,
issuance is allowed.

An overly literal reading of the text would indicate that in the absence
of either of those two conditions (the record set is non empty and there
is no issue tag that allows issuance), then issuance is not allowed.  As
I pointed out in my analysis, this reading of the text is inconsistent
with text elsewhere in the RFC, and that your analysis correctly
identifies what the RFC *intended* to say.

Therefore I support Corey’s errata to make it clear that the RFC says
what we all seem to agree it was intended to say.  Just to avoid any
unnecessary compliance silliness.

-Tim

------=_NextPart_001_020C_01D39C4E.FB8ED3A0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
--></style></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1>
<p class=MsoNormal>&gt; It's not clear to me that &quot;relevant&quot; is not defined by the RFC, given the following:</p>
<p class=MsoNormal>I agree, and in my response I made it clear that “relevant” clearly indicates the record set retrieved via the described algorithm. The wording isn’t the best, but I think that part is clear.</p>
<p class=MsoNormal>&gt; Means that <a href="http://subdomain1.subdomain2.example.com">subdomain1.subdomain2.example.com</a>. is unrestricted by issuance (i.e. the parent's restrictions do not apply) because the relevant record set does not contain an issue field.</p>
<p class=MsoNormal>Unfortunately, I do not believe this is clear, despite it being clear that this was the intent. There’s explicit text that says that if there’s no record set returned, issuance is allowed.</p>
<p class=MsoNormal>There is also text that states that if an issue record includes the CA, issuance is allowed.</p>
<p class=MsoNormal>An overly literal reading of the text would indicate that in the absence of either of those two conditions (the record set is non-empty and there is no issue tag that allows issuance), then issuance is not allowed. As I pointed out in my analysis, this reading of the text is inconsistent with text elsewhere in the RFC, and that your analysis correctly identifies what the RFC *<b>intended</b>* to say.</p>
<p class=MsoNormal>Therefore I support Corey’s errata to make it clear that the RFC says what we all seem to agree it was intended to say. Just to avoid any unnecessary compliance silliness.</p>
<p class=MsoNormal>-Tim</p>
</div></body></html>
------=_NextPart_001_020C_01D39C4E.FB8ED3A0--

------=_NextPart_000_020B_01D39C4E.FB8ED3A0
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
------=_NextPart_000_020B_01D39C4E.FB8ED3A0--
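
The two readings contrasted in the message above, worked through as an added example that is not part of the original thread. The zone contents, CA domains and function names are constructed for illustration. The lookup is a simplified tree climb (the first non-empty CAA set found walking from the name toward the root); CNAME/DNAME handling, issuewild and the critical flag are left out.

```python
"""CAA issue-tag evaluation under the "literal" and "intended" readings.
Added illustration: zone data and CA domains are constructed samples."""
import shlex
from collections import defaultdict

# Constructed sample records in zone-file presentation form.
SAMPLE_ZONE = """
example.com.                        CAA 0 issue "ca.example.net; account=12345"
subdomain1.subdomain2.example.com.  CAA 0 iodef "mailto:security@example.com"
locked.example.com.                 CAA 0 issue ";"
"""


def parse_zone(text):
    """Map owner name -> list of (flags, tag, value) CAA tuples."""
    zone = defaultdict(list)
    for line in text.splitlines():
        fields = shlex.split(line)
        if len(fields) != 5 or fields[1].upper() != "CAA":
            continue  # blank line or not a CAA record
        owner, _rtype, flags, tag, value = fields
        zone[owner.rstrip(".").lower()].append((int(flags), tag.lower(), value))
    return dict(zone)


def relevant_rrset(name, zone):
    """Return (owner, records) for the closest name that publishes CAA.
    Assumption: plain tree climbing, no alias (CNAME/DNAME) processing."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        records = zone.get(candidate, [])
        if records:
            return candidate, records
    return None, []


def issuer_domains(records):
    """Issuer domain of every issue property; parameters after ';' dropped.
    An issue value of ";" yields "", which authorises no CA."""
    return [value.split(";", 1)[0].strip().lower()
            for _flags, tag, value in records if tag == "issue"]


def allowed_literal(ca, records):
    """Overly literal reading: allowed only if the set is empty or an
    issue property names the CA. An iodef-only set therefore blocks."""
    ca = ca.strip().lower()
    return not records or (bool(ca) and ca in issuer_domains(records))


def allowed_intended(ca, records):
    """Intended reading: a relevant set that carries no issue property
    places no restriction on issuance."""
    ca = ca.strip().lower()
    issuers = issuer_domains(records)
    if not records or not issuers:
        return True
    return bool(ca) and ca in issuers


def compare(name, ca, zone):
    """Return (owner of relevant set, literal verdict, intended verdict)."""
    owner, records = relevant_rrset(name, zone)
    return owner, allowed_literal(ca, records), allowed_intended(ca, records)


ZONE = parse_zone(SAMPLE_ZONE)

if __name__ == "__main__":
    cases = [
        ("subdomain1.subdomain2.example.com", "other-ca.example.org"),
        ("subdomain2.example.com", "other-ca.example.org"),
        ("www.example.com", "ca.example.net"),
        ("host.locked.example.com", "ca.example.net"),
        ("example.org", "other-ca.example.org"),
    ]
    for name, ca in cases:
        owner, literal, intended = compare(name, ca, ZONE)
        print(f"{name:36} {ca:22} set@{owner} literal={literal} intended={intended}")
```

The only row where the two readings disagree is the iodef-only subdomain, which is the case the erratum is meant to settle.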


From nobody Wed Feb  7 10:14:12 2018
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 01ED9124F57; Wed,  7 Feb 2018 10:14:07 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Spencer Dawkins <spencerdawkins.ietf@gmail.com>
To: "The IESG" <iesg@ietf.org>
Cc: lamps-chairs@ietf.org, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151802724697.4759.5326501296981118086.idtracker@ietfa.amsl.com>
Date: Wed, 07 Feb 2018 10:14:06 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/5M-w0gnNkxU6HV10t9dOHxOw5ZI>
Subject: [lamps] Spencer Dawkins' No Objection on charter-ietf-lamps-01-00: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 18:14:07 -0000

Spencer Dawkins has entered the following ballot position for
charter-ietf-lamps-01-00: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-lamps/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Nice work on this one.

This is very nit-picky, but perhaps placing the explanation of each topic
immediately following the list item naming the topic would be clearer?

Like, so:

Having completed the S/MIME 4.0 specifications and updates to support
i18n email addresses in PKIX certificates, the LAMPS WG is now tackling
these topics:

1. Specify a discovery mechanism for CAA records to replace the one
   described in RFC 6844.

RFC 6844 describes the mechanism by which CAA records relating to a
domain are discovered.  Implementation experience has demonstrated an
ambiguity in the current processing of CNAME and DNAME records during
discovery.  Subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the current
approach.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and
S/MIME.

Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, which gives great confidence
that the SHA-3 family of functions are secure.  Also, since SHA-3 uses a
very different construction from SHA-2, the SHA-3 family of functions
offers an excellent alternative.  In particular, SHAKE128/256 and
SHAKE256/512 offer security and performance benefits.



From nobody Wed Feb  7 20:39:47 2018
Return-Path: <adam@nostrum.com>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F49E12D84E; Wed,  7 Feb 2018 20:39:42 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Adam Roach <adam@nostrum.com>
To: "The IESG" <iesg@ietf.org>
Cc: lamps-chairs@ietf.org, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151806478242.17065.9285357666214614716.idtracker@ietfa.amsl.com>
Date: Wed, 07 Feb 2018 20:39:42 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NPIKPc0Uloo32zSsDCz6zsfNoxo>
Subject: [lamps] Adam Roach's No Objection on charter-ietf-lamps-01-00: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2018 04:39:42 -0000

Adam Roach has entered the following ballot position for
charter-ietf-lamps-01-00: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-lamps/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

It's probably a good idea to adjust the milestones so that they all have future dates on them.



From nobody Thu Feb  8 11:27:15 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B4F21270AE for <spasm@ietfa.amsl.com>; Thu,  8 Feb 2018 11:27:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yMgYExiNpa4A for <spasm@ietfa.amsl.com>; Thu,  8 Feb 2018 11:27:11 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3534E12706D for <spasm@ietf.org>; Thu,  8 Feb 2018 11:27:11 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 294E3300A0D for <spasm@ietf.org>; Thu,  8 Feb 2018 14:27:09 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id kcP0i1w1C2Ee for <spasm@ietf.org>; Thu,  8 Feb 2018 14:27:07 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 78E35300418; Thu,  8 Feb 2018 14:27:07 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <151806478242.17065.9285357666214614716.idtracker@ietfa.amsl.com>
Date: Thu, 8 Feb 2018 14:27:08 -0500
Cc: IESG <iesg@ietf.org>, SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A018577B-1A3A-4489-962F-3CD713A5396F@vigilsec.com>
References: <151806478242.17065.9285357666214614716.idtracker@ietfa.amsl.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2jFuTVkITWYNRceEfV5bh-0wXOM>
Subject: Re: [lamps] Adam Roach's No Objection on charter-ietf-lamps-01-00: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2018 19:27:13 -0000

I suggest the following updated milestones...

Mar 2018: Adopt a draft for rfc6844bis
Apr 2018: Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512
Apr 2018: Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512
Jul 2018: rfc6844bis sent to IESG for standards track publication
Sep 2018: SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for
             standards track publication
Sep 2018: SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for
             standards track publication

Russ


> On Feb 7, 2018, at 11:39 PM, Adam Roach <adam@nostrum.com> wrote:
>
> Adam Roach has entered the following ballot position for
> charter-ietf-lamps-01-00: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/charter-ietf-lamps/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> It's probably a good idea to adjust the milestones so that they all have future dates on them.
>
>


From nobody Fri Feb  9 08:58:51 2018
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6461C1200FC; Fri,  9 Feb 2018 08:58:49 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: spasm@ietf.org 
Message-ID: <151819552936.1301.2604488310643481748.idtracker@ietfa.amsl.com>
Date: Fri, 09 Feb 2018 08:58:49 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NIYiL2Qw_ut9pgSH3ih-6FFSPSA>
Subject: [lamps] WG Review: Limited Additional Mechanisms for PKIX and SMIME (lamps)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2018 16:58:49 -0000

The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the
Security Area of the IETF is undergoing rechartering. The IESG has not made
any determination yet. The following draft charter was submitted, and is
provided for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by 2018-02-19.

Limited Additional Mechanisms for PKIX and SMIME (lamps)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Russ Housley <housley@vigilsec.com>

Assigned Area Director:
  Eric Rescorla <ekr@rtfm.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/

Group page: https://datatracker.ietf.org/group/lamps/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

Having completed the S/MIME 4.0 specifications and updates to support
i18n email addresses in PKIX certificates, the LAMPS WG is now tackling
these topics:

1. Specify a discovery mechanism for CAA records to replace the one
   described in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.

RFC 6844 describes the mechanism by which CAA records relating to a
domain are discovered.  Implementation experience has demonstrated an
ambiguity in the current processing of CNAME and DNAME records during
discovery.  Subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the current
approach.

Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, which gives great confidence
that the SHA-3 family of functions are secure.  Also, since SHA-3 uses a
very different construction from SHA-2, the SHA-3 family of functions
offers an excellent alternative.  In particular, SHAKE128/256 and
SHAKE256/512 offer security and performance benefits.

In addition, the LAMPS Working Group may investigate other updates to
the documents produced by the PKIX and S/MIME Working Groups, but the
LAMPS Working Group shall not adopt any of these potential work items
without rechartering.

Milestones:

  Apr 2018 - Adopt a draft for rfc6844bis

  Apr 2018 - Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512

  Apr 2018 - Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512

  Apr 2018 - rfc6844bis sent to IESG for standards track publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for 
  standards track publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for 
  standards track publication



From nobody Sat Feb 10 15:57:24 2018
Return-Path: <ekr@rtfm.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CA911270FC for <spasm@ietfa.amsl.com>; Sat, 10 Feb 2018 15:57:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mWzQTTA4xchj for <spasm@ietfa.amsl.com>; Sat, 10 Feb 2018 15:57:21 -0800 (PST)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8603A1242F7 for <spasm@ietf.org>; Sat, 10 Feb 2018 15:57:21 -0800 (PST)
Received: by mail-yw0-x233.google.com with SMTP id x193so19625ywg.0 for <spasm@ietf.org>; Sat, 10 Feb 2018 15:57:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Iq+fhDd/2NLB4EfR9NLVAr8PD/OEzKTdQvTqO+tf630=; b=KEdnar2Q8d/3LgxYnYH0f7fcPFEOD1hrO7zDZDDrOnLkP9mqUD/sJoBYmDVRr0JFAN euYw2C6/T2M4vRDAWZUKe+Su0z8p2BzOcn603kg95YTtn0a+yftA4ob6AOEDuEM7ee48 Ubzvd6m7C0UIWqUqbcZrUYHUTuB3yTxeYUukf7CulIjd2zEF58Ks8RfRBzluNRJf2Mkm KEIOYQWEgzkTSiDBO+uApTPZ4P1X/m6ZaGMTlF/Mew4sWYYXXsqyuYvsl9Wk6VRGy2EN obnP2HnJgKKyzgeYSYLTtUrFCYvU3bR0rz4fpYXAodhrPauADpIPPDsAxiQbNrLTwDc6 Z2eQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Iq+fhDd/2NLB4EfR9NLVAr8PD/OEzKTdQvTqO+tf630=; b=Mk6FUJ7m4WY2dmwooKpcpwkIC5YIJy/3d4dEFQ+eWBkNWgQGNAFKqhJAweWtLSD8oN ocRaLlpD23v5swjFXaqtubl7R8R47yOLprzJMwMCmiP0cDrVkA/P0NM1A/JREDMsLMmQ UgDNMC29C1K9sO4UUG2t/2E/9G1RtuHFor3PfYcmV+wFZlQu9yqVweCsJiVcpEQJM3Zq OgRWMU6a1uNQ3gsxkLxhmKODMiumR43Askt/0mPqu6EHeIV3VyiB08j7Y2tQZzS/BuKz O7mUxDbTNQHWN2fQ3IXbGfQt3K2Tz3Dn7UMpd661OW40cQxs0sCY1Ij3EARJQL4TWaQF 5xEw==
X-Gm-Message-State: APf1xPB6ZLfnzZ+1QEUas/AL522blUULrcWojHGi4camOKPBdCcjQXo5 AzZyATFB63wZF/S9IXVBlVSe8/yLTYk9KaZKj7/+Sg==
X-Google-Smtp-Source: AH8x226rBp59HzfHvfmN9WWIONm841XwGFehkcx1VLpNK7TrM56HC0y/Bw0CFDOKvZqKOiWS4vY28/32L4tJOwYISWI=
X-Received: by 10.129.153.201 with SMTP id q192mr5004725ywg.504.1518307040690;  Sat, 10 Feb 2018 15:57:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.160.201 with HTTP; Sat, 10 Feb 2018 15:56:40 -0800 (PST)
In-Reply-To: <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 10 Feb 2018 15:56:40 -0800
Message-ID: <CABcZeBOhKb79CsWRLFfXEE8Q00rZkGoTpXBHwHyh-KWWFG6v4w@mail.gmail.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
Cc: Suresh Krishnan <suresh@kaloom.com>, The IESG <iesg@ietf.org>, SPASM <spasm@ietf.org>,  lamps-chairs@ietf.org, draft-ietf-lamps-eai-addresses@ietf.org,  Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="94eb2c0b7332d22f880564e46720"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BRw7MQfBvxoWXPKKuyrBfkodktU>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Feb 2018 23:57:23 -0000

--94eb2c0b7332d22f880564e46720
Content-Type: text/plain; charset="UTF-8"

Suresh: ping?

On Thu, Jan 11, 2018 at 8:11 AM, Alexey Melnikov <aamelnikov@fastmail.fm>
wrote:

> Hi Suresh,
>
> On Thu, Jan 11, 2018, at 3:11 AM, Suresh Krishnan wrote:
> > Suresh Krishnan has entered the following ballot position for
> > draft-ietf-lamps-eai-addresses-15: No Objection
> >
> > I think some of the comparison issues brought up in RFC6943 might be relevant
> > in the Security Considerations here.
>
> Can you be more specific? Are you thinking about confusable characters or
> about something else?
>
> Thank you,
> Alexey
>
>

--94eb2c0b7332d22f880564e46720--


From nobody Sun Feb 11 23:18:00 2018
Return-Path: <Suresh@kaloom.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A97A0126CF6; Sun, 11 Feb 2018 23:17:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level: 
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kaloom.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AW_jFiVvsWIc; Sun, 11 Feb 2018 23:17:57 -0800 (PST)
Received: from CAN01-QB1-obe.outbound.protection.outlook.com (mail-eopbgr660092.outbound.protection.outlook.com [40.107.66.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B652D1201F8; Sun, 11 Feb 2018 23:17:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaloom.onmicrosoft.com; s=selector1-kaloom-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qNtIWvY8D6C7oZLWJrUaxvsV6cjPA2ryikYKIn168sA=; b=feUy//iWXdENmMJ37u3PLfs4l8fle7iBfaTZGn+HcrcRBdVn8i0jP8A1g+p1TjkGF+8x0MqRDpCNcGIB7Fq8uRJ5zicCuqjZLgX0XVsdEsO33V+9lCOtlJE4jFYUGCEq9HOogRjYy9k4g6rptR+nyYhBRZXnZ6ZbmG2HZqmyb/k=
Received: from YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM (52.132.77.143) by YQXPR0101MB1894.CANPRD01.PROD.OUTLOOK.COM (52.132.75.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Mon, 12 Feb 2018 07:17:52 +0000
Received: from YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM ([fe80::2903:f315:10e0:c9c9]) by YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM ([fe80::2903:f315:10e0:c9c9%13]) with mapi id 15.20.0485.015; Mon, 12 Feb 2018 07:17:52 +0000
From: Suresh Krishnan <Suresh@kaloom.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: The IESG <iesg@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-ietf-lamps-eai-addresses@ietf.org" <draft-ietf-lamps-eai-addresses@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>
Thread-Topic: Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
Thread-Index: AQHTivbpv1XskNCM9kSVrS36C/KQcaOgjUIA
Date: Mon, 12 Feb 2018 07:17:52 +0000
Message-ID: <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com>
In-Reply-To: <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Suresh@kaloom.com; 
x-originating-ip: [45.19.110.76]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; YQXPR0101MB1894; 6:nVZgrcpjWrppp/I+wF92+gZrrkxJmFPNty0QTGTkmSZaqbkpenug05Q0yonQTavrKJ+qcl7Ue2G/ijkjBl1jSHVI0om0/Ee8ENRTKEB+GgvWD1UUOguH69zsDaphenWEicAd3cNJDNPlxiYFDx9SlGsQZ1t8BaxHHItcFhKBb5ZCcKJ7ZWAL0qb4z4/x4B/SG7+zKx9B/RSLIhg5SYjekFVvEDT3dFC/T+NuPdg7iLb8ZMpIePbIHHUN957p87LGqCAeY7qzVgThz/n10LVVMdgviXb7WyCJnc2DzZWh4rqpNLFynxLKN7Xvw4S8hQBQ82UyGHaW67x+O4BGn0KYHMgKsGGvttUdc4ErcLYxPxaDhfkLZH1rwWnbiyeFVzqW; 5:YvEdCLx+ssFcOg7j0B1OSbt7wT9xFdKmIWqa6XK8a32Hh5/ovY3u3+UBjvhVKbcj7TTvigj5Q5szq6ne8YQGSaEoInv9y0JhQ+bQRy+3SHy0ZdwB6yCQCnadhuWhWNvUAMRL7Ouu8VJj+nK/MqFQNnadswYiXuGjW4/IKifY4e8=; 24:f10MC4XW0Tlb0uVKCzEZwTZR9xo7/0/fySTcoybqRtI6VUKc73avoL+SDTI1Ycqfnmm6W53uGDc+aip2D4GmZCYfvdjEpDRUiTFVHxcZav0=; 7:Nta36KGCg14bJTLK/cfjPKAJjh0o0A0D7V4OXsM/BP8YaUszl8JabbAggspOasaYvGKeaNjvXEH4z1ZU45K85/dWumB6HLNi7wiMrsGM/Revt0u62Y2FJhgkU+OXAf+cUExQWMfu63jv1QgYjaBiHmoXwo5lsbdopUBo1PtZ4C9tJjxAO+svByT7XOK10C3l/r/Sk7557FquD8N3zsbokD/+k9XB8C/AVtJ5r4lHNzfU+ZhpuL7YDMZb+t9SrsVx
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 30b5cab9-4125-431f-2e01-08d571e8bb08
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(5600026)(4604075)(3008032)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(2017052603307)(7153060)(7193020); SRVR:YQXPR0101MB1894; 
x-ms-traffictypediagnostic: YQXPR0101MB1894:
x-microsoft-antispam-prvs: <YQXPR0101MB1894464DF08A8D3F10DD4E8DB4F70@YQXPR0101MB1894.CANPRD01.PROD.OUTLOOK.COM>
x-exchange-antispam-report-test: UriScan:(192374486261705);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3002001)(3231101)(2400082)(944501161)(6041288)(20161123562045)(20161123560045)(20161123558120)(20161123564045)(2016111802025)(6043046)(6072148)(201708071742011); SRVR:YQXPR0101MB1894; BCL:0; PCL:0; RULEID:; SRVR:YQXPR0101MB1894; 
x-forefront-prvs: 0581B5AB35
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(346002)(366004)(396003)(376002)(39830400003)(199004)(189003)(105586002)(6916009)(6116002)(4326008)(3660700001)(305945005)(102836004)(6506007)(26005)(316002)(5660300001)(53546011)(59450400001)(2906002)(6486002)(25786009)(6436002)(229853002)(6512007)(186003)(68736007)(7736002)(53936002)(3280700002)(2950100002)(3846002)(6246003)(33656002)(99286004)(82746002)(8666007)(80792005)(97736004)(2900100001)(66066001)(72206003)(81166006)(86362001)(478600001)(83716003)(54906003)(14454004)(8936002)(81156014)(106356001)(5250100002)(8676002)(76176011)(36756003); DIR:OUT; SFP:1102; SCL:1; SRVR:YQXPR0101MB1894; H:YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; 
received-spf: None (protection.outlook.com: kaloom.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: asMko3LbYXXfo1wwLootiw4TbjU2T+EtcOMnpK3wIxQMxWq/RoUsLfCFnQ8n1JhbNpc1q8jcKaULwIJwgo1uRw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-ID: <3A599660F67F5749BF73C6283550C997@CANPRD01.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: kaloom.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/y-PXLSaEhUOdhvuYG6G8oBcLx6A>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 07:17:59 -0000

Hi Alexey,

> On Jan 11, 2018, at 11:11 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
>
> Hi Suresh,
>
> On Thu, Jan 11, 2018, at 3:11 AM, Suresh Krishnan wrote:
>> Suresh Krishnan has entered the following ballot position for
>> draft-ietf-lamps-eai-addresses-15: No Objection
>>
>> I think some of the comparison issues brought up in RFC6943 might be relevant
>> in the Security Considerations here.
>
> Can you be more specific? Are you thinking about confusable characters or about something else?

Yep. Exactly about visually confusable characters.

Thanks
Suresh


From nobody Mon Feb 12 02:39:52 2018
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E7891273E2; Mon, 12 Feb 2018 02:39:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level: 
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=xiHcE8AF; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=NDBJEBBm
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hTsPSNZk9mWV; Mon, 12 Feb 2018 02:39:48 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A329E127369; Mon, 12 Feb 2018 02:39:48 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id A20E020C68; Mon, 12 Feb 2018 05:39:47 -0500 (EST)
Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Mon, 12 Feb 2018 05:39:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=DRAGM+Z3dqnFnueeIlCEG+2BFx9Iw WSgiX/cBitmf3Y=; b=xiHcE8AFBsbCGS27CXW6scPyS79FsH3kbOaOtVYCXgir/ W0tpnoZ/+tvI6w5Z/acVE8ZwoZPm/W5F0IGFsSBVrEETVeeCq7Vb2I9TO5PeVBh7 04HiCciBwr3rKVc4OEQZU/3iCzmohSbi8QYnDR4YwZyVzsQU1NRtKUmcC0eao96Z m0gFQHhiuxdYZwKiRVCvJHZHASHp9BqSzYT3BhI32jpYEpY6sSOpUHIoB76X+y/I 6n4DLvzw4NF5NbZGFOVeoyXMEd6Z4tkbm8xNxsCE6iE0x2JHZXMtSzWiplkWJPUr AExtaqme+wrYygzbykUC8Hi7ioWz1qkKerQ9Mm/Ew==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=DRAGM+ Z3dqnFnueeIlCEG+2BFx9IwWSgiX/cBitmf3Y=; b=NDBJEBBmEQqtwL4yelfeVv 1hR6k2MJAS/STJMt5NVLT/aRcz2AjkEWgiWv+6iuLPOwfLzj0lsrrxOka1scKXgB 7zNikd7SSE046cPGRbx96+wNvLmMN9yEx+XUoYjEQlJfR47MvomSrk0PGhuBGjwk mTiJSLSEFuniv6FTFPlbvoUk+TOmUFLpcAW1Ue6ECxs2Of5l5ytGeRM0wDwyY0Ak 7latuj2hRK913wrxZutN7ZN5WNre7pt9IxISrxtq21MPWyofKfEyJJAq0ij6AXUF j/jYyehnjFo3CJSsYPjMTCRmSxybOJFTi1c8NV5IYER+yVRnVkQlmmpm/igU9AoA ==
X-ME-Sender: <xms:826BWlDHCONXltNx2kTaLosOJqGKZLkhsHwBGdC8K8Efxc2Nuz4fpw>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 74CC69E0EF; Mon, 12 Feb 2018 05:39:47 -0500 (EST)
Message-Id: <1518431987.1831236.1267758584.2A4EF883@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Suresh Krishnan <Suresh@kaloom.com>
Cc: The IESG <iesg@ietf.org>, spasm@ietf.org, lamps-chairs@ietf.org, draft-ietf-lamps-eai-addresses@ietf.org, housley@vigilsec.com
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-fde26eb3
In-Reply-To: <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com> <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com>
Date: Mon, 12 Feb 2018 10:39:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/A547CiAHm9GVs2jxJyN8P2p3UGI>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 10:39:50 -0000

Hi Suresh,

On Mon, Feb 12, 2018, at 7:17 AM, Suresh Krishnan wrote:
> Hi Alexey,
> 
> > On Jan 11, 2018, at 11:11 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> > 
> > Hi Suresh,
> > 
> > On Thu, Jan 11, 2018, at 3:11 AM, Suresh Krishnan wrote:
> >> Suresh Krishnan has entered the following ballot position for
> >> draft-ietf-lamps-eai-addresses-15: No Objection
> >> 
> >> I think some of the comparison issues brought up in RFC6943 might be relevant
> >> in the Security Considerations here.
> > 
> > Can you be more specific? Are you thinking about confusable characters or about something else?
> 
> Yep. Exactly about visually confusable characters.

The document already covers that:

7.  Security Considerations

   Use of SmtpUTF8Mailbox for certificate subjectAltName (and
   issuerAltName) will incur many of the same security considerations as
   in Section 8 in [RFC5280], but introduces a new issue by permitting
   non-ASCII characters in the email address local-part.  This issue, as
   mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
   is that use of Unicode introduces the risk of visually similar and
   identical characters which can be exploited to deceive the recipient.
   The former document references some means to mitigate against these
   attacks.

I looked at RFC 6943. While it is a good document, I don't see an obvious way of referencing it. There is so much material there unrelated to Internationalization, so it is difficult to find a useful way of referencing it. If you have some specific suggestions, please let me know.

Thank you,
Alexey
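
Added example, not part of the original message or of the draft: a Python sketch of a review-time check for the risk the quoted Security Considerations text describes, flagging SmtpUTF8Mailbox local-parts that are mixed-script, that differ from a known address only by normalization form, or that collapse to the same look-alike skeleton. The addresses, the LOOKALIKES table and all function names are constructed for illustration; the script test reads Unicode character names and is a heuristic, not the UTS #39 algorithm.

```python
import unicodedata

# Constructed subset of look-alike mappings, for this example only. A real
# check would load the full Unicode confusables data (UTS #39).
LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Constructed sample of addresses already present in issued certificates.
KNOWN = ["alice@example.com", "jos\u00e9@example.com", "cope@example.com"]


def split_address(addr):
    """Split on the last '@'; reject anything without both parts."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an address: %r" % addr)
    return local, domain


def nfc(text):
    return unicodedata.normalize("NFC", text)


def scripts(text):
    """Scripts of the letters in text, taken from the first word of each
    Unicode character name (heuristic: 'LATIN', 'CYRILLIC', 'GREEK', ...)."""
    found = set()
    for ch in nfc(text):
        if unicodedata.category(ch).startswith("L"):
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def skeleton(text):
    """NFC-normalize, then fold each known look-alike to its ASCII twin."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in nfc(text))


def review(candidate, known):
    """Return (kind, detail) findings for one candidate address."""
    findings = []
    c_local, c_domain = split_address(candidate)

    # 1. Visually similar: letters from more than one script in the local-part.
    found = scripts(c_local)
    if len(found) > 1:
        findings.append(("mixed-script", "+".join(sorted(found))))

    for other in known:
        o_local, o_domain = split_address(other)
        # Simplification: ASCII case-folding only; IDN domains need more.
        if c_domain.lower() != o_domain.lower() or c_local == o_local:
            continue
        # 2. Visually identical: same text, different code point sequence.
        if nfc(c_local) == nfc(o_local):
            findings.append(("normalization", other))
        # 3. Visually similar: same skeleton, even if single-script.
        elif skeleton(c_local) == skeleton(o_local):
            findings.append(("look-alike", other))
    return findings


if __name__ == "__main__":
    samples = [
        "\u0430lice@example.com",              # Cyrillic a + Latin "lice"
        "jose\u0301@example.com",              # e + combining acute accent
        "\u0441\u043e\u0440\u0435@example.com",  # all-Cyrillic, reads "cope"
        "bob@example.com",
    ]
    for addr in samples:
        print(ascii(addr), review(addr, KNOWN))
```

The all-Cyrillic sample passes the mixed-script test and is caught only by the skeleton comparison, which is why the two checks are kept separate.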


From nobody Mon Feb 12 02:47:46 2018
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ACCC120454; Mon, 12 Feb 2018 02:47:39 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151843245906.8018.5145711174951452139@ietfa.amsl.com>
Date: Mon, 12 Feb 2018 02:47:39 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_VALz5CCPPs21ra8BB-jhyvBPqE>
Subject: [lamps] I-D Action: draft-ietf-lamps-eai-addresses-17.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 10:47:39 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internationalized Email Addresses in X.509 certificates
        Authors         : Alexey Melnikov
                          Weihaw Chuang
        Filename        : draft-ietf-lamps-eai-addresses-17.txt
        Pages           : 11
        Date            : 2018-02-12

Abstract:
   This document defines a new name form for inclusion in the otherName
   field of an X.509 Subject Alternative Name and Issuer Alternative
   Name extension that allows a certificate subject to be associated
   with an Internationalized Email Address.

   This document updates RFC 5280.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-eai-addresses/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-eai-addresses-17
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-eai-addresses-17

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-eai-addresses-17


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Feb 12 19:53:31 2018
Return-Path: <Suresh@kaloom.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D7D8126C89; Mon, 12 Feb 2018 19:53:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=kaloom.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3tmvbIyGWYNo; Mon, 12 Feb 2018 19:53:22 -0800 (PST)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670131.outbound.protection.outlook.com [40.107.67.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A671120227; Mon, 12 Feb 2018 19:53:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kaloom.onmicrosoft.com; s=selector1-kaloom-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Vx4eu2VG8DBuOkQCc53ZE6gF8Y5rtO+4oTTM6YqO5O4=; b=I1gqnKsnM+SRw+TAbupT0ZS02OCCbe7RJzNHaZAx8eSJu/66oN1n622tavjZZObTO2Xc0kuBDF0bNPDKRAK9BZ7uLpR543zBphTP9y5Z+MLfWOMbd/nvNyy4zveBIgpGYN3ium9RhkooDkCmAngCBlX6YW82L8Tb2Cb7Su/c7qA=
Received: from YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM (52.132.77.143) by YQXPR0101MB2152.CANPRD01.PROD.OUTLOOK.COM (52.132.79.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Tue, 13 Feb 2018 03:53:20 +0000
Received: from YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM ([fe80::2903:f315:10e0:c9c9]) by YQXPR0101MB2054.CANPRD01.PROD.OUTLOOK.COM ([fe80::2903:f315:10e0:c9c9%13]) with mapi id 15.20.0485.016; Tue, 13 Feb 2018 03:53:20 +0000
From: Suresh Krishnan <Suresh@kaloom.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
CC: "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-ietf-lamps-eai-addresses@ietf.org" <draft-ietf-lamps-eai-addresses@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>, The IESG <iesg@ietf.org>
Thread-Topic: Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
Thread-Index: AQHTivbpv1XskNCM9kSVrS36C/KQcaOgjUIAgAA4aoCAASDEgA==
Date: Tue, 13 Feb 2018 03:53:20 +0000
Message-ID: <31F17EFC-2DE2-4614-BAC7-6822E7C152C5@kaloom.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com> <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com> <1518431987.1831236.1267758584.2A4EF883@webmail.messagingengine.com>
In-Reply-To: <1518431987.1831236.1267758584.2A4EF883@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [45.19.110.76]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: kaloom.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Suresh@kaloom.com; 
Content-Type: multipart/alternative; boundary="_000_31F17EFC2DE24614BAC76822E7C152C5kaloomcom_"
MIME-Version: 1.0
X-OriginatorOrg: kaloom.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Zs21OXLdqlOs3-YAYT_lkf0pfRw>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2018 03:53:25 -0000

--_000_31F17EFC2DE24614BAC76822E7C152C5kaloomcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Alexey,

On Feb 12, 2018, at 5:39 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:

> Hi Suresh,
>
> On Mon, Feb 12, 2018, at 7:17 AM, Suresh Krishnan wrote:
> > Hi Alexey,
> >
> > On Jan 11, 2018, at 11:11 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> > >
> > > Hi Suresh,
> > >
> > > On Thu, Jan 11, 2018, at 3:11 AM, Suresh Krishnan wrote:
> > > > Suresh Krishnan has entered the following ballot position for
> > > > draft-ietf-lamps-eai-addresses-15: No Objection
> > > >
> > > > I think some of the comparison issues brought up in RFC6943 might be relevant
> > > > in the Security Considerations here.
> > >
> > > Can you be more specific? Are you thinking about confusable characters or about something else?
> >
> > Yep. Exactly about visually confusable characters.
>
> The document already covers that:
>
> 7.  Security Considerations
>
>   Use of SmtpUTF8Mailbox for certificate subjectAltName (and
>   issuerAltName) will incur many of the same security considerations as
>   in Section 8 in [RFC5280], but introduces a new issue by permitting
>   non-ASCII characters in the email address local-part.  This issue, as
>   mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
>   is that use of Unicode introduces the risk of visually similar and
>   identical characters which can be exploited to deceive the recipient.
>   The former document references some means to mitigate against these
>   attacks.
>
> I looked at RFC 6943. While it is a good document, I don't see an obvious way of referencing it. There is so much material there unrelated to Internationalization, so it is difficult to find a useful way of referencing it. If you have some specific suggestions, please let me know.

I thought putting in a reference to Section 4.2 of RFC6943 could be useful, especially since I personally found the reference to [WEBER] there very useful to understand the potential attacks. That said, maybe that is only because I am a total outsider to this space and these could be well understood attacks in the community that is the target of the draft. I am fine to proceed without adding a reference. Thanks for checking to see if this is covered.

Regards
Suresh


--_000_31F17EFC2DE24614BAC76822E7C152C5kaloomcom_
Content-Type: text/html; charset="us-ascii"
Content-ID: <DBC1BB9E822F584582D1699CD3D1FD87@CANPRD01.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; line-break:=
 after-white-space;" class=3D"">
Hi Alexey,<br class=3D"">
<div><br class=3D"">
<div><br class=3D"">
</div>
</div>
I thought putting in a reference to Section 4.2 of RFC6943 could be useful, especially since I personally found the reference to [WEBER] there very useful to understand the potential attacks. That said, maybe that is only because I am a total outsider to this space and these could be well understood attacks in the community that is the target of the draft. I am fine to proceed without adding a reference. Thanks for checking to see if this is covered.
<div class=3D"">
<div class=3D""><br class=3D"">
<div class=3D"">Regards</div>
<div class=3D"">Suresh</div>
<div class=3D""><br class=3D"">
</div>
</div>
</div>
</body>
</html>

--_000_31F17EFC2DE24614BAC76822E7C152C5kaloomcom_--


From nobody Fri Feb 16 06:54:12 2018
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151879284474.4997.2807454511049646217@ietfa.amsl.com>
Date: Fri, 16 Feb 2018 06:54:04 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/w4gSQnNxJ6IK7LvB5zFLeKUy26Q>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 14:54:05 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional SHAKE Algorithms and Identifiers for RSA and ECDSA
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-01.txt
	Pages           : 10
	Date            : 2018-02-16

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions in the Internet X.509 as one-way hash functions with
   the RSA and ECDSA signature algorithms; the conventions for the
   associated subject public keys are also described.  Digital
   signatures are used to sign messages, certificates and CRLs
   (Certificate Revocation Lists).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-01
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Fri Feb 16 06:57:17 2018
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt
Thread-Index: AQHTpzYMv5CxAuA6J0+txyXuSFu9BaOnHf6g
Date: Fri, 16 Feb 2018 14:57:11 +0000
Message-ID: <f43062f456084d0885f69311ded7b78d@XCH-ALN-010.cisco.com>
References: <151879284474.4997.2807454511049646217@ietfa.amsl.com>
In-Reply-To: <151879284474.4997.2807454511049646217@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.3]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/s65K719NrhPgg3yo5i1mJYfLaFU>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt

Hello all,

This draft updates the previous -00 version, based on group feedback. The updates include
      *  Removed DSA after WG discussions.
      *  Updated shake OID names and parameters, added MGF1 section.
      *  Changed titles and section names.
      *  Updated RSASSA-PSS section.
      *  Added Public key algorithm OIDs.
      *  Populated Introduction and IANA sections.

Rgs,
Panos




From nobody Fri Feb 16 08:52:29 2018
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151879994128.1361.3716893145282339191@ietfa.amsl.com>
Date: Fri, 16 Feb 2018 08:52:21 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Bsrgczm9RLVU8mCQ0OK8-YbCgnE>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Quynh Dang
                          Panos Kampanakis
	Filename        : draft-ietf-lamps-cms-shakes-00.txt
	Pages           : 9
	Date            : 2018-02-16

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions with the Cryptographic Message Syntax (CMS).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-00
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Fri Feb 16 08:59:07 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_16412A47-CE3D-4C7A-A111-20CD6939D9B8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 16 Feb 2018 11:59:04 -0500
References: <151879284474.4997.2807454511049646217@ietfa.amsl.com>
To: SPASM <spasm@ietf.org>
In-Reply-To: <151879284474.4997.2807454511049646217@ietfa.amsl.com>
Message-Id: <A9A0FE38-46C4-4B9A-BEAB-67B8706D2D9A@vigilsec.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/N0u4CIVKmZOSEB0N1NlyloqS0cc>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt

--Apple-Mail=_16412A47-CE3D-4C7A-A111-20CD6939D9B8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

In Section 5, the closing curly brace in the ASN.1 fragment is part of the comment.

OLD

   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain }

NEW

   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain -- }

Russ





--Apple-Mail=_16412A47-CE3D-4C7A-A111-20CD6939D9B8--
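
Why the brace placement matters, as an added example (not part of the message or the draft): in ASN.1 (ITU-T X.680) a "--" comment runs to the next "--" or to the end of the line, so the "}" in the OLD fragment is never seen by a parser. The function names are illustrative; the two fragments are copied from the message above.

```python
"""Find closing braces swallowed by ASN.1 "--" comments (added example)."""

# Fragments as posted in the message (quoted-printable decoded).
OLD_FRAGMENT = """\
   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain }
"""

NEW_FRAGMENT = """\
   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain -- }
"""


def strip_line_comments(text, keep_strings=True):
    """Remove "--" comments: each ends at the next "--" or at end of line.

    A "--" inside a double-quoted string is not a comment. With
    keep_strings=False the quoted strings are dropped too, so that
    punctuation inside them is not mistaken for syntax.
    """
    out = []
    for line in text.splitlines():
        kept = []
        i = 0
        in_comment = False
        in_string = False
        while i < len(line):
            ch = line[i]
            if in_comment:
                if line[i:i + 2] == "--":   # second "--" closes the comment
                    in_comment = False
                    i += 2
                else:
                    i += 1
            elif in_string:
                if keep_strings:
                    kept.append(ch)
                if ch == '"':
                    in_string = False
                i += 1
            elif line[i:i + 2] == "--":     # comment opens
                in_comment = True
                i += 2
            else:
                if ch == '"':
                    in_string = True
                    if keep_strings:
                        kept.append(ch)
                else:
                    kept.append(ch)
                i += 1
        # A comment still open here simply ends with the line.
        out.append("".join(kept))
    return "\n".join(out)


def brace_report(text):
    """Count braces left unbalanced once comments and strings are removed."""
    code = strip_line_comments(text, keep_strings=False)
    depth = 0
    unmatched_close = 0
    for ch in code:
        if ch == "{":
            depth += 1
        elif ch == "}":
            if depth == 0:
                unmatched_close += 1
            else:
                depth -= 1
    # Closing braces present in the source but hidden inside comments.
    with_strings = strip_line_comments(text, keep_strings=True)
    hidden = text.count("}") - with_strings.count("}")
    return {
        "unclosed": depth,
        "unmatched_close": unmatched_close,
        "commented_out_close": hidden,
    }


if __name__ == "__main__":
    print("OLD:", brace_report(OLD_FRAGMENT))
    print("NEW:", brace_report(NEW_FRAGMENT))
```
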


From nobody Fri Feb 16 09:05:15 2018
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-00.txt
Thread-Index: AQHTp0aUudIBBlZ9lUSwH7BE5pGCg6OnQPsg
Date: Fri, 16 Feb 2018 17:05:08 +0000
Message-ID: <952a7b7caa0d4b06a516e7da1c33ced6@XCH-ALN-010.cisco.com>
References: <151879994128.1361.3716893145282339191@ietfa.amsl.com>
In-Reply-To: <151879994128.1361.3716893145282339191@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.3]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KyIepyvgWqfLXA0WrSIYIT9Ykl8>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-00.txt

Hi all,

This is the next iteration of draft-dang-lamps-cms-shakes-hash-00 after the discussions in IETF 100. Basically, the changes are
      * Various updates to title and section names.
      * Content changes filling in text and references.
      * Updates in the OIDS to reflect already allocated Identifiers.

More feedback is welcome.

Rgs,
Panos




From nobody Fri Feb 16 09:14:58 2018
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 108DC124C27 for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:14:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.53
X-Spam-Level: 
X-Spam-Status: No, score=-14.53 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-J01gN2EwXV for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:14:55 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46F481205F0 for <spasm@ietf.org>; Fri, 16 Feb 2018 09:14:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11502; q=dns/txt; s=iport; t=1518801295; x=1520010895; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=CHSgJIuvgUmTNsnuBYjI08bj6qXwjB5FdCvyWCyaUrI=; b=Q2ZN2B5BNS7dr6nIWu4FKh7kdBiVd5k38AA1F3NzdQzwKi0+toh5kyxY vII8cLUSQzcMAzNdF2uNzJXdJVqQWTWZYqaVysbR6L4Y5sJlbD1Ri1b8i NkDVo+sJVx6Te/0kOuO7H6mu84MToXGjwwvbg1BXJVdoopdzPAEED/GdE k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.46,520,1511827200";  d="scan'208,217";a="349954248"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 17:14:54 +0000
Received: from XCH-RCD-010.cisco.com (xch-rcd-010.cisco.com [173.37.102.20]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id w1GHEs1I026088 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 16 Feb 2018 17:14:54 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-RCD-010.cisco.com (173.37.102.20) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 16 Feb 2018 11:14:53 -0600
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1320.000; Fri, 16 Feb 2018 11:14:53 -0600
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt
Thread-Index: AQHTpzYMv5CxAuA6J0+txyXuSFu9BaOnpQ8A//+fikA=
Date: Fri, 16 Feb 2018 17:14:53 +0000
Message-ID: <80a66d8b2f4545a0a2678c2722fe2fa2@XCH-ALN-010.cisco.com>
References: <151879284474.4997.2807454511049646217@ietfa.amsl.com> <A9A0FE38-46C4-4B9A-BEAB-67B8706D2D9A@vigilsec.com>
In-Reply-To: <A9A0FE38-46C4-4B9A-BEAB-67B8706D2D9A@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.3]
Content-Type: multipart/alternative; boundary="_000_80a66d8b2f4545a0a2678c2722fe2fa2XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/J5SU6ByouQvAOCOli_aRO_yKxIU>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 17:14:58 -0000

--_000_80a66d8b2f4545a0a2678c2722fe2fa2XCHALN010ciscocom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Ah right, good catch Russ. I updated the xml and it will be fixed in the next iteration.
Thank you

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Russ Housley
Sent: Friday, February 16, 2018 11:59 AM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-01.txt

In Section 5, the closing curly brace in the ASN.1 fragment is part of the comment.

OLD

   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain }

NEW

   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain -- }

Russ


On Feb 16, 2018, at 9:54 AM, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> wrote:


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

       Title           : Internet X.509 Public Key Infrastructure: Additional SHAKE Algorithms and Identifiers for RSA and ECDSA
       Authors         : Panos Kampanakis
                         Quynh Dang
       Filename        : draft-ietf-lamps-pkix-shake-01.txt
       Pages           : 10
       Date            : 2018-02-16

Abstract:
  This document describes the conventions for using the SHAKE family of
  hash functions in the Internet X.509 as one-way hash functions with
  the RSA and ECDSA signature algorithms; the conventions for the
  associated subject public keys are also described.  Digital
  signatures are used to sign messages, certificates and CRLs
  (Certificate Revocation Lists).


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-01
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



--_000_80a66d8b2f4545a0a2678c2722fe2fa2XCHALN010ciscocom_--
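
Added example (not part of the original messages or of the draft): the ASN.1 comment rule behind the Section 5 fix discussed above, checked in Python. A "--" comment runs to the next "--" or to the end of the line, so the OLD fragment's closing brace is swallowed by the comment. The function names are hypothetical, and string literals and /* */ comments are deliberately not handled.

```python
# Added example: ASN.1 "--" comment handling applied to the OLD and NEW
# ECParameters fragments quoted in the message above.

OLD = """\
   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain }
"""

NEW = """\
   ECParameters ::= CHOICE {
      namedCurve OBJECT IDENTIFIER
      -- implicitCurve NULL
      -- specifiedCurve SpecifiedECDomain -- }
"""


def strip_asn1_comments(text):
    """Drop "--" comments; each one ends at the next "--" or at end of line."""
    out_lines = []
    for line in text.splitlines():
        kept = []
        pos = 0
        in_comment = False  # a comment never continues onto the next line
        while pos < len(line):
            if line.startswith("--", pos):
                in_comment = not in_comment  # "--" opens or closes a comment
                pos += 2
            else:
                if not in_comment:
                    kept.append(line[pos])
                pos += 1
        out_lines.append("".join(kept).rstrip())
    return "\n".join(out_lines)


def brace_balance(text):
    """Return (opening, closing) brace counts seen by a parser, i.e. outside comments."""
    code = strip_asn1_comments(text)
    return code.count("{"), code.count("}")


def check_fragment(label, text):
    """Report whether the CHOICE body is closed once comments are removed."""
    opens, closes = brace_balance(text)
    status = "balanced" if opens == closes else "unterminated"
    return f"{label}: {opens} '{{', {closes} '}}' -> {status}"


if __name__ == "__main__":
    print(check_fragment("OLD", OLD))
    print(check_fragment("NEW", NEW))
```
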


From nobody Fri Feb 16 09:24:52 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FBD3128C0A for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:24:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vs-1C_DmN9XL for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:24:49 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EC16124C27 for <spasm@ietf.org>; Fri, 16 Feb 2018 09:24:49 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 0A95430063B for <spasm@ietf.org>; Fri, 16 Feb 2018 12:24:47 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id EPPUbhWuUZwe for <spasm@ietf.org>; Fri, 16 Feb 2018 12:24:44 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id AB75C3002AD; Fri, 16 Feb 2018 12:24:44 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <C8F2790D-2EF9-4380-82D0-240D9CCC526D@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A8B91E4D-8A1D-4DCD-A094-7F7AC2DBEA6F"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Fri, 16 Feb 2018 12:24:45 -0500
In-Reply-To: <31F17EFC-2DE2-4614-BAC7-6822E7C152C5@kaloom.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>
To: Suresh Krishnan <suresh@kaloom.com>, Alexey Melnikov <aamelnikov@fastmail.fm>, Wei Chuang <weihaw@google.com>, Eric Rescorla <ekr@rtfm.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com> <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com> <1518431987.1831236.1267758584.2A4EF883@webmail.messagingengine.com> <31F17EFC-2DE2-4614-BAC7-6822E7C152C5@kaloom.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kej28Ymjr25ceL6sVzA3ouiMGOg>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 17:24:51 -0000

--Apple-Mail=_A8B91E4D-8A1D-4DCD-A094-7F7AC2DBEA6F
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

>> The document already covers that:
>>
>> 7.  Security Considerations
>>
>>   Use of SmtpUTF8Mailbox for certificate subjectAltName (and
>>   issuerAltName) will incur many of the same security considerations as
>>   in Section 8 in [RFC5280], but introduces a new issue by permitting
>>   non-ASCII characters in the email address local-part.  This issue, as
>>   mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
>>   is that use of Unicode introduces the risk of visually similar and
>>   identical characters which can be exploited to deceive the recipient.
>>   The former document references some means to mitigate against these
>>   attacks.
>>
>> I looked at RFC 6943. While it is a good document, I don't see an obvious way of referencing it. There is so much material there unrelated to Internationalization, so it is difficult to find a useful way of referencing it. If you have some specific suggestions, please let me know.
>
> I thought of putting in a reference to Section 4.2. of RFC6943 could be useful especially since I personally found the reference to [WEBER] there very useful to understand the potential attacks. That said, maybe that is only because I am a total outsider to this space and these could be well understood attacks in the community that is the target of the draft. I am fine to proceed without adding a reference. Thanks for checking to see if this is covered.

Where are we in resolving this comment?  It seems to be the only thing keeping this document from the RFC Editor Queue.

Russ


--Apple-Mail=_A8B91E4D-8A1D-4DCD-A094-7F7AC2DBEA6F--


From nobody Fri Feb 16 09:27:50 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95CEF1270FC for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:27:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIBxeA4p7VA9 for <spasm@ietfa.amsl.com>; Fri, 16 Feb 2018 09:27:48 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71E2C124C27 for <spasm@ietf.org>; Fri, 16 Feb 2018 09:27:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 69BE630063A for <spasm@ietf.org>; Fri, 16 Feb 2018 12:27:46 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2rI03hcMGe0F for <spasm@ietf.org>; Fri, 16 Feb 2018 12:27:45 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 7F1EF3002AD; Fri, 16 Feb 2018 12:27:45 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <37C69F85-C4F2-417C-A34D-4AFF1AE5F87D@vigilsec.com>
Date: Fri, 16 Feb 2018 12:27:46 -0500
Cc: Eric Rescorla <ekr@rtfm.com>, SPASM <spasm@ietf.org>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/f3U8czrMopPJrdNgPMSbqWq_kfc>
Subject: [lamps] draft-ietf-lamps-rfc5750 and draft-ietf-lamps-rfc5751
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 17:27:50 -0000

Jim:

These two documents are both waiting on updates to resolve comments from
the AD Review.  Can this happen before the end of February?

Russ


From nobody Tue Feb 20 18:48:11 2018
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B617127023 for <spasm@ietfa.amsl.com>; Tue, 20 Feb 2018 18:48:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nqqvTGkoQU8 for <spasm@ietfa.amsl.com>; Tue, 20 Feb 2018 18:48:07 -0800 (PST)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBD551241F3 for <spasm@ietf.org>; Tue, 20 Feb 2018 18:48:07 -0800 (PST)
Received: from [10.32.60.171] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id w1L2lewD048890 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 20 Feb 2018 19:47:43 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [10.32.60.171]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: "Michael Jenkins" <mjjenki@tycho.ncsc.mil>
Cc: spasm@ietf.org
Date: Tue, 20 Feb 2018 18:48:02 -0800
X-Mailer: MailMate (1.10r5443)
Message-ID: <ABF94A28-87F1-40D3-942C-1CE2C5EEFF92@vpnc.org>
In-Reply-To: <863b6e71-c179-3856-9edf-28e8306031e4@tycho.ncsc.mil>
References: <863b6e71-c179-3856-9edf-28e8306031e4@tycho.ncsc.mil>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/TDE_sMjoIhKZssVijLLGuN_xJoM>
Subject: Re: [lamps] Request for review of revised RFC 5759
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 02:48:09 -0000

On 31 Jan 2018, at 12:59, Michael Jenkins wrote:

> The first draft updates RFC 5759, and addresses requirements for RFC
> 5280 compliant public-key certificates and CRLs that contain or
> reference algorithms in the CNSA suite. It is available at
> <https://www.ietf.org/internet-drafts/draft-jenkins-cnsa-cert-crl-profile-01.txt>.
> We would appreciate any comments you might have regarding the draft,
> either via the mail-list or via direct reply.

This looks good on its face. However, I would argue that the reference
[CNSA] is a normative reference: one cannot evaluate whether the
requirements in the draft match the requirements in [CNSA] without
reading and understanding [CNSA].

A big issue, however, is that [CNSA] points to:
    https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
I cannot read that document on any of my browsers because the
certificate used for TLS is invalid in current browsers, and attempting
to switch to the HTTP version redirects to the insecure HTTPS version.

I know that this is not something that the authors can fix on their own,
but I would strongly object to the IETF moving this document forwards as
an RFC with a normative reference that no one can read without making
TLS changes in their browsers. Lots of US federal agencies have HTTPS
web sites that are readable by the general public; this should be no
different.

--Paul Hoffman


From nobody Wed Feb 21 07:45:04 2018
Return-Path: <mjjenki@tycho.ncsc.mil>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0252212D82F for <spasm@ietfa.amsl.com>; Wed, 21 Feb 2018 07:45:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZxAJlYZGN-HX for <spasm@ietfa.amsl.com>; Wed, 21 Feb 2018 07:44:58 -0800 (PST)
Received: from upbd19pa08.eemsg.mail.mil (upbd19pa08.eemsg.mail.mil [214.24.27.83]) by ietfa.amsl.com (Postfix) with ESMTP id 530E012D7F5 for <spasm@ietf.org>; Wed, 21 Feb 2018 07:44:56 -0800 (PST)
Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by upbd19pa08.eemsg.mail.mil with ESMTP/TLS/AES256-SHA; 21 Feb 2018 15:44:54 +0000
X-IronPort-AV: E=Sophos;i="5.46,543,1511827200";  d="scan'208";a="9613243"
Received: from tarius.tycho.ncsc.mil ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 21 Feb 2018 15:44:52 +0000
Received: from rd2ul-48143y.infosec.tycho.ncsc.mil (rd2ul-48143y [192.168.26.149]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id w1LFioB4012715; Wed, 21 Feb 2018 10:44:51 -0500
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: spasm@ietf.org
References: <863b6e71-c179-3856-9edf-28e8306031e4@tycho.ncsc.mil> <ABF94A28-87F1-40D3-942C-1CE2C5EEFF92@vpnc.org>
From: Michael Jenkins <mjjenki@tycho.ncsc.mil>
Message-ID: <fb50f0ad-85b1-2b53-cfd1-e9fe5a7a27cb@tycho.ncsc.mil>
Date: Wed, 21 Feb 2018 10:44:50 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <ABF94A28-87F1-40D3-942C-1CE2C5EEFF92@vpnc.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RgTn5vriymQVbjF_8dLeZ7JZjWk>
Subject: Re: [lamps] [Non-DoD Source] Re: Request for review of revised RFC 5759
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 15:45:02 -0000

Paul,

Good point. And... grr. This is a problem we stumble over infrequently 
but painfully. You can load the US DOD roots from 
<https://iase.disa.mil/pki-pke/Pages/tools.aspx> to make it work, but we 
realize that's not acceptable.

We're working this issue and will respond in the next few days (and bump 
the draft with a corrected reference).

Thanks for the review.

On 02/20/2018 09:48 PM, Paul Hoffman wrote:
> On 31 Jan 2018, at 12:59, Michael Jenkins wrote:
>
>> The first draft updates RFC 5759, and addresses requirements for RFC 
>> 5280 compliant public-key certificates and CRLs that contain or 
>> reference algorithms in the CNSA suite. It is available at 
>> <https://www.ietf.org/internet-drafts/draft-jenkins-cnsa-cert-crl-profile-01.txt>. 
>> We would appreciate any comments you might have regarding the draft, 
>> either via the mail-list or via direct reply.
>
> This looks good on its face. However, I would argue that the reference 
> [CNSA] is a normative reference: one cannot evaluate whether the 
> requirements in the draft match the requirements in [CNSA] without 
> reading and understanding [CNSA].
>
> A big issue, however, is that [CNSA] points to:
>    https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
> I cannot read that document on any of my browsers because the 
> certificate used for TLS is invalid in current browsers, and 
> attempting to switch to the HTTP version redirects to the insecure 
> HTTPS version.
>
> I know that this is not something that the authors can fix on their 
> own, but I would strongly object to the IETF moving this document 
> forwards as an RFC with a normative reference that no one can read 
> without making TLS changes in their browsers. Lots of US federal 
> agencies have HTTPS web sites that are readable by the general public; 
> this should be no different.
>
> --Paul Hoffman
>


From nobody Thu Feb 22 10:18:13 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C43F12D88F for <spasm@ietfa.amsl.com>; Thu, 22 Feb 2018 10:18:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QpnfP_cmPhXn for <spasm@ietfa.amsl.com>; Thu, 22 Feb 2018 10:18:10 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A951512D94C for <spasm@ietf.org>; Thu, 22 Feb 2018 10:18:09 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 9652F300A03 for <spasm@ietf.org>; Thu, 22 Feb 2018 13:18:07 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id n_0ifJFTgiOH for <spasm@ietf.org>; Thu, 22 Feb 2018 13:18:06 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id C6687300481 for <spasm@ietf.org>; Thu, 22 Feb 2018 13:18:06 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <C8ABAB22-B07B-4296-9911-E4C09C8B4C7B@vigilsec.com>
Date: Thu, 22 Feb 2018 13:18:07 -0500
To: SPASM <spasm@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OMmnOKk1L_yZzlPcdiH2bdEQA6o>
Subject: [lamps] DRAFT Agenda for LAMPS Session at IETF 101
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 18:18:11 -0000

Please review and comment.

The authors tell me that there will be an Internet-Draft for rfc6844bis
before the cut-off date for IETF 101.

Russ

= = = = = = = = = =

LAMPS WG Agenda

0)  Minute Taker, Jabber Scribe, Bluesheets
1)  Agenda Bash
2)  Documents in the RFC Editor's Queue
    a)  draft-ietf-lamps-rfc5280-i18n-update
    b)  draft-ietf-lamps-eai-addresses
3)  Documents that have been sent to the IESG
    a)  draft-ietf-lamps-rfc5750-bis (Jim)
    b)  draft-ietf-lamps-rfc5751-bis (Jim)
4)  Active Working Group Documents
    a)  rfc6844bis (Jacob and Phillip)
    b)  draft-ietf-lamps-pkix-shake (Panos and Quynh)
    c)  draft-ietf-lamps-cms-shakes (Quynh and Panos)
5)  Wrap Up


From nobody Thu Feb 22 10:19:32 2018
Return-Path: <rsalz@akamai.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08715127876 for <spasm@ietfa.amsl.com>; Thu, 22 Feb 2018 10:19:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level: 
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bfNd1LwQZbWu for <spasm@ietfa.amsl.com>; Thu, 22 Feb 2018 10:19:29 -0800 (PST)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C0F0127871 for <spasm@ietf.org>; Thu, 22 Feb 2018 10:19:29 -0800 (PST)
Received: from pps.filterd (m0050102.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1MIGhuF000984; Thu, 22 Feb 2018 18:19:27 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=ezrFtPbxfmf2jVoj+U7g3cn2FS+uFxtKmrfCqd73H+s=; b=kwXdrGQQY8pvQyN+lDGjSkUNmyL4gv6x7CqwManzQRamS9sxqE8SOrKr6wfNTCkj0F+p jSvCao+2qOMEQ5Kls2IVwn3KsV5mBM+Izas4UW1ny24yA05hFqXeEGjGU/XdHcqEhIf2 cFgNo1Sv6UaqTPEqhWq8aiBak7mIG8x0CvltPrrGOjAH/Y9FkHtEwfCkbmlGe4AJTGl1 kRn0+UUvdgqTh9FseTgGY174FNgvuZhKaZ6vULWgioCu+mOXgJyoLSt+fKVd70iIkLIj dEp3SBa6WFdQHWqT/hEwW48ltAAooOL677ox5VG0i8RBn58r4wCCQKuF6WEqzOhI2qX2 Ow== 
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com [184.51.33.18]) by m0050102.ppops.net-00190b01. with ESMTP id 2ga1fgr9ux-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 22 Feb 2018 18:19:27 +0000
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1]) by prod-mail-ppoint1.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w1MIFXBs002500; Thu, 22 Feb 2018 13:19:27 -0500
Received: from email.msg.corp.akamai.com ([172.27.25.32]) by prod-mail-ppoint1.akamai.com with ESMTP id 2g6gkygpkc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Feb 2018 13:19:26 -0500
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com (172.27.27.101) by ustx2ex-dag1mb4.msg.corp.akamai.com (172.27.27.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 22 Feb 2018 12:19:24 -0600
Received: from USTX2EX-DAG1MB1.msg.corp.akamai.com ([172.27.6.131]) by ustx2ex-dag1mb1.msg.corp.akamai.com ([172.27.6.131]) with mapi id 15.00.1263.000; Thu, 22 Feb 2018 12:19:23 -0600
From: "Salz, Rich" <rsalz@akamai.com>
To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] DRAFT Agenda for LAMPS Session at IETF 101
Thread-Index: AQHTrAmDmci6t79tLEGrl7tTveMH+aOwzASA
Date: Thu, 22 Feb 2018 18:19:23 +0000
Message-ID: <1153EA1D-5A6C-4EFB-86F5-8DAD45D64909@akamai.com>
References: <C8ABAB22-B07B-4296-9911-E4C09C8B4C7B@vigilsec.com>
In-Reply-To: <C8ABAB22-B07B-4296-9911-E4C09C8B4C7B@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/10.a.0.180210
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.37.197]
Content-Type: text/plain; charset="utf-8"
Content-ID: <2CCE16A1A8D9E04FA2DAA43F7E290AA3@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-22_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=769 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802220229
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=722 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802220229
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/s6cqfUcmUOOCxShi0NB9YcA7j7w>
Subject: Re: [lamps] DRAFT Agenda for LAMPS Session at IETF 101
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 18:19:31 -0000

        b)  draft-ietf-lamps-pkix-shake (Panos and Quynh)
        c)  draft-ietf-lamps-cms-shakes (Quynh and Panos)

Frick and Frack.
Frack and Frick.

Ha.


From nobody Fri Feb 23 07:54:34 2018
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5094512E85E; Fri, 23 Feb 2018 07:54:27 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.3
Auto-Submitted: auto-generated
Precedence: bulk
Cc: spasm@ietf.org, lamps-chairs@ietf.org, The IESG <iesg@ietf.org> 
Message-ID: <151940126732.24047.14743796048638625633.idtracker@ietfa.amsl.com>
Date: Fri, 23 Feb 2018 07:54:27 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/4h9hWYMcT5x5MOa3QLsAsTEO-KM>
Subject: [lamps] WG Action: Rechartered Limited Additional Mechanisms for PKIX and SMIME (lamps)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Feb 2018 15:54:27 -0000

The Limited Additional Mechanisms for PKIX and SMIME (lamps) WG in the
Security Area of the IETF has been rechartered. For additional information,
please contact the Area Directors or the WG Chair.

Limited Additional Mechanisms for PKIX and SMIME (lamps)
-----------------------------------------------------------------------
Current status: Active WG

Chairs:
  Russ Housley <housley@vigilsec.com>

Assigned Area Director:
  Eric Rescorla <ekr@rtfm.com>

Security Area Directors:
  Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
  Eric Rescorla <ekr@rtfm.com>

Mailing list:
  Address: spasm@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/spasm
  Archive: https://mailarchive.ietf.org/arch/browse/spasm/

Group page: https://datatracker.ietf.org/group/lamps/

Charter: https://datatracker.ietf.org/doc/charter-ietf-lamps/

The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced
by the PKIX Working Group and the electronic mail security documents
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
Group is chartered to make updates where there is a known constituency
interested in real deployment and there is at least one sufficiently
well specified approach to the update so that the working group can
sensibly evaluate whether to adopt a proposal.

Having completed the S/MIME 4.0 specifications and updates to support
i18n email addresses in PKIX certificates, the LAMPS WG is now tackling
these topics:

1. Specify a discovery mechanism for CAA records to replace the one
   described in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.

RFC 6844 describes the mechanism by which CAA records relating to a
domain are discovered.  Implementation experience has demonstrated an
ambiguity in the current processing of CNAME and DNAME records during
discovery.  Subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the current
approach.

Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, which gives great confidence
that the SHA-3 family of functions are secure.  Also, since SHA-3 uses a
very different construction from SHA-2, the SHA-3 family of functions
offers an excellent alternative.  In particular, SHAKE128/256 and
SHAKE256/512 offer security and performance benefits.

In addition, the LAMPS Working Group may investigate other updates to
the documents produced by the PKIX and S/MIME Working Groups, but the
LAMPS Working Group shall not adopt any of these potential work items
without rechartering.

Milestones:

  Apr 2018 - Adopt a draft for rfc6844bis

  Apr 2018 - Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512

  Apr 2018 - Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512

  Apr 2018 - rfc6844bis sent to IESG for standards track publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for 
  standards track publication

  Sep 2018 - SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for 
  standards track publication



From nobody Fri Feb 23 17:44:29 2018
Return-Path: <jsha@eff.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 187AF1267BB for <spasm@ietfa.amsl.com>; Fri, 23 Feb 2018 17:44:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.01
X-Spam-Level: 
X-Spam-Status: No, score=-7.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eff.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPes9qx_ecj0 for <spasm@ietfa.amsl.com>; Fri, 23 Feb 2018 17:44:26 -0800 (PST)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 300C7124D37 for <spasm@ietf.org>; Fri, 23 Feb 2018 17:44:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2;  h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Message-ID:Subject:From:To; bh=2UnM/sD3SoBpNrY84A8w6s/YeaMAruSehgaxZ/hL1TU=;  b=aPP2mNKewy7dEfLx4ELntWXJhLRySlWl2tL0TU3cuV8eg9LmPkeTXPZtYmrqyYBoRL52cN4WOxuhDU1fxjoi7nvPgS1NDQuiyz4WO3gnj5lpbSC1thsfDfMhNIU35ne0tj/Zl2JEWioUYiP29d6R2RCkXyvJXpgjZQDkqVgbZpo=;
Received: ; Fri, 23 Feb 2018 17:44:21 -0800
To: spasm@ietf.org, Russ Housley <housley@vigilsec.com>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <8dada937-3c1f-5516-ca51-f37d40aee3d4@eff.org>
Date: Fri, 23 Feb 2018 17:44:25 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/k6B5sQrIPQoYhmbqcrF3XWYxRO4>
Subject: [lamps] New CAA draft and call for adoption
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 01:44:28 -0000

I've uploaded a new revision (-03) of my caa-simplification draft for
6844bis:
https://datatracker.ietf.org/doc/draft-hoffman-andrews-caa-simplification/.
This is just editorial fixes and tidying up of the references.

Russ, could you do a Call for Adoption on this draft?

Thanks,

Jacob


From nobody Sat Feb 24 11:26:38 2018
Return-Path: <ietf-secretariat-reply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B05901200B9; Sat, 24 Feb 2018 11:26:36 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
To: <spasm@ietf.org>, <lamps-chairs@ietf.org>, <draft-hoffman-andrews-caa-simplification@ietf.org>, 
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.4
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com>
Date: Sat, 24 Feb 2018 11:26:36 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RfbxzlCCNqwLDAmSlfJ4tIAakRk>
Subject: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 19:26:37 -0000

The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state
Candidate for WG Adoption (entered by Russ Housley)

The document is available at
https://datatracker.ietf.org/doc/draft-hoffman-andrews-caa-simplification/

Comment:
Should this document be adopted by the LAMPS WG as the starting point for
rfc6844bis?


From nobody Sat Feb 24 11:28:26 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9FB012D778 for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 11:28:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bDh8dy4f3Lkh for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 11:28:23 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8D431200B9 for <spasm@ietf.org>; Sat, 24 Feb 2018 11:28:23 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 83A53300A01 for <spasm@ietf.org>; Sat, 24 Feb 2018 14:28:21 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id r3tTo25geow1 for <spasm@ietf.org>; Sat, 24 Feb 2018 14:28:20 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id A3FDD30044B for <spasm@ietf.org>; Sat, 24 Feb 2018 14:28:20 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
Date: Sat, 24 Feb 2018 14:28:21 -0500
To: SPASM <spasm@ietf.org>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/sj4T3cjsSdbSs3k8C-ur9A2vANw>
Subject: [lamps] Adoption call for draft-hoffman-andrews-caa-simplification
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 19:28:25 -0000

Should draft-hoffman-andrews-caa-simplification be adopted by the LAMPS
WG as the starting point for rfc6844bis?

Please voice your opinion by March 10th.

Russ


From nobody Sat Feb 24 12:13:44 2018
Return-Path: <ekr@rtfm.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BFF21241F3 for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 12:13:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level: 
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nj9LhcIO06rd for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 12:13:42 -0800 (PST)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B73B120454 for <spasm@ietf.org>; Sat, 24 Feb 2018 12:13:42 -0800 (PST)
Received: by mail-qk0-x22a.google.com with SMTP id y137so14817712qka.4 for <spasm@ietf.org>; Sat, 24 Feb 2018 12:13:42 -0800 (PST)
X-Received: by 10.55.43.220 with SMTP id r89mr9266294qkr.152.1519503221132; Sat, 24 Feb 2018 12:13:41 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.37.176 with HTTP; Sat, 24 Feb 2018 12:13:00 -0800 (PST)
In-Reply-To: <C8F2790D-2EF9-4380-82D0-240D9CCC526D@vigilsec.com>
References: <151564026499.22453.4457143592887035396.idtracker@ietfa.amsl.com> <1515687117.1257366.1232046744.30F6CC88@webmail.messagingengine.com> <39EBFE0E-F7D5-4257-9254-CEC8D15C4435@kaloom.com> <1518431987.1831236.1267758584.2A4EF883@webmail.messagingengine.com> <31F17EFC-2DE2-4614-BAC7-6822E7C152C5@kaloom.com> <C8F2790D-2EF9-4380-82D0-240D9CCC526D@vigilsec.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 24 Feb 2018 12:13:00 -0800
Message-ID: <CABcZeBOQ4tLTq3NaZn46-Jf5wCPyoJruNxQT+nLpnL84h1rN=w@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Suresh Krishnan <suresh@kaloom.com>, Alexey Melnikov <aamelnikov@fastmail.fm>,  Wei Chuang <weihaw@google.com>, "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="001a1149442cbb1aba0565fae96e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jUoQLEtJBTGhzpGsvc1md7FlHc0>
Subject: Re: [lamps] Suresh Krishnan's No Objection on draft-ietf-lamps-eai-addresses-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 20:13:43 -0000

--001a1149442cbb1aba0565fae96e
Content-Type: text/plain; charset="UTF-8"

I tend to agree with Suresh that a reference here would help. Could we just
have something like
"See [] for more on security issues with Unicode"


On Fri, Feb 16, 2018 at 9:24 AM, Russ Housley <housley@vigilsec.com> wrote:

> The document already covers that:
>
> 7.  Security Considerations
>
>   Use of SmtpUTF8Mailbox for certificate subjectAltName (and
>   issuerAltName) will incur many of the same security considerations as
>   in Section 8 in [RFC5280], but introduces a new issue by permitting
>   non-ASCII characters in the email address local-part.  This issue, as
>   mentioned in Section 4.4 of [RFC5890] and in Section 4 of [RFC6532],
>   is that use of Unicode introduces the risk of visually similar and
>   identical characters which can be exploited to deceive the recipient.
>   The former document references some means to mitigate against these
>   attacks.
>
> I looked at RFC 6943. While it is a good document, I don't see an obvious
> way of referencing it. There is so much material there unrelated to
> Internationalization, so it is difficult to find a useful way of
> referencing it. If you have some specific suggestions, please let me know.
>
>
> I thought of putting in a reference to Section 4.2. of RFC6943 could be
> useful especially since I personally found the reference to [WEBER] there
> very useful to understand the potential attacks. That said, maybe that is
> only because I am a total outsider to this space and these could be well
> understood attacks in the community that is the target of the draft. I am
> fine to proceed without adding a reference. Thanks for checking to see if
> this is covered.
>
>
> Where are we in resolving this comment?  It seems to be the only thing
> keeping this document from the RFC Editor Queue.
>
> Russ
>
>

--001a1149442cbb1aba0565fae96e--


From nobody Sat Feb 24 13:25:19 2018
Return-Path: <melinda.shore@nomountain.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF003124B18 for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 13:25:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nomountain-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w8F1S1pcff_I for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 13:25:16 -0800 (PST)
Received: from mail-pl0-x236.google.com (mail-pl0-x236.google.com [IPv6:2607:f8b0:400e:c01::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1BB3124BE8 for <spasm@ietf.org>; Sat, 24 Feb 2018 13:25:16 -0800 (PST)
Received: by mail-pl0-x236.google.com with SMTP id f23so6988171plr.10 for <spasm@ietf.org>; Sat, 24 Feb 2018 13:25:16 -0800 (PST)
X-Received: by 2002:a17:902:a985:: with SMTP id bh5-v6mr5804255plb.230.1519507515839;  Sat, 24 Feb 2018 13:25:15 -0800 (PST)
Received: from aspen.local (216-67-74-230-radius.dynamic.acsalaska.net. [216.67.74.230]) by smtp.gmail.com with ESMTPSA id d12sm10125843pfn.42.2018.02.24.13.25.14 for <spasm@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 Feb 2018 13:25:15 -0800 (PST)
To: spasm@ietf.org
References: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
From: Melinda Shore <melinda.shore@nomountain.net>
Message-ID: <3f2ebbf5-d9e0-50fc-96fe-5442cdf3b545@nomountain.net>
Date: Sat, 24 Feb 2018 12:25:12 -0900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Fc4nLrKJGeSemkthhcgIan6jhLn0XmWNV"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ttY-1KnFSjK0DftzYepi2HgUx7k>
Subject: Re: [lamps] Adoption call for draft-hoffman-andrews-caa-simplification
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Feb 2018 21:25:18 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Fc4nLrKJGeSemkthhcgIan6jhLn0XmWNV
Content-Type: multipart/mixed; boundary="660cJ6SKKedCAcYCfqhsKYvI8slozq416";
 protected-headers="v1"
From: Melinda Shore <melinda.shore@nomountain.net>
To: spasm@ietf.org
Message-ID: <3f2ebbf5-d9e0-50fc-96fe-5442cdf3b545@nomountain.net>
Subject: Re: [lamps] Adoption call for
 draft-hoffman-andrews-caa-simplification
References: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
In-Reply-To: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>

--660cJ6SKKedCAcYCfqhsKYvI8slozq416
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 2/24/18 10:28 AM, Russ Housley wrote:
> Should draft-hoffman-andrews-caa-simplification be adopted by the
> LAMPS WG as the starting point for rfc6844bis?

Yes.  Thanks to the authors for adding a deployment considerations
section.

Melinda

-- 
Software longa, hardware brevis

PGP fingerprint: 4F68 2D93 2A17 96F8 20F2
                 34C0 DFB8 9172 9A76 DB8F


--660cJ6SKKedCAcYCfqhsKYvI8slozq416--

--Fc4nLrKJGeSemkthhcgIan6jhLn0XmWNV--


From nobody Sat Feb 24 23:18:31 2018
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F253D1267BB for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 23:18:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tzIYbjCeWZjK for <spasm@ietfa.amsl.com>; Sat, 24 Feb 2018 23:18:28 -0800 (PST)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30A631241FC for <spasm@ietf.org>; Sat, 24 Feb 2018 23:18:28 -0800 (PST)
Received: by mail-qk0-x22e.google.com with SMTP id d206so15645011qkb.3 for <spasm@ietf.org>; Sat, 24 Feb 2018 23:18:28 -0800 (PST)
X-Received: by 10.55.160.129 with SMTP id j123mr10575211qke.319.1519543107375;  Sat, 24 Feb 2018 23:18:27 -0800 (PST)
Received: from [192.168.1.46] (184-15-230-94.dsl2.chtn.wv.frontiernet.net. [184.15.230.94]) by smtp.gmail.com with ESMTPSA id l10sm4029363qta.60.2018.02.24.23.18.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 Feb 2018 23:18:26 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Tim Wicinski <tjw.ietf@gmail.com>
X-Mailer: iPhone Mail (15D100)
In-Reply-To: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
Date: Sun, 25 Feb 2018 02:18:24 -0500
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <36F44DDB-A9BA-4C01-A84C-99301274DF50@gmail.com>
References: <588FD7CB-1D4D-4EBA-8CC0-B671BF871359@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8LN5j5xPXQ7cu0I85fM3776ysVs>
Subject: Re: [lamps] Adoption call for draft-hoffman-andrews-caa-simplification
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Feb 2018 07:18:30 -0000

Yes and am signing up for reviews etc.

Tim

=46rom my high tech gadget

> On Feb 24, 2018, at 14:28, Russ Housley <housley@vigilsec.com> wrote:
>
> Should draft-hoffman-andrews-caa-simplification be adopted by the LAMPS WG
> as the starting point for rfc6844bis?
>
> Please voice your opinion by March 10th.
>
> Russ


From nobody Mon Feb 26 06:46:45 2018
Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6125E12D77C; Mon, 26 Feb 2018 06:46:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level: 
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTfedB4YKBZB; Mon, 26 Feb 2018 06:46:37 -0800 (PST)
Received: from mail1.bemta8.messagelabs.com (mail1.bemta8.messagelabs.com [216.82.243.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 538A1120725; Mon, 26 Feb 2018 06:46:34 -0800 (PST)
Received: from [216.82.241.100] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-3.bemta-8.messagelabs.com id BF/73-00655-9CD149A5; Mon, 26 Feb 2018 14:46:33 +0000
X-Env-Sender: tim.hollebeek@digicert.com
X-Msg-Ref: server-8.tower-220.messagelabs.com!1519656391!191729785!1
X-Originating-IP: [216.32.181.16]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received: 
X-StarScan-Version: 9.9.13; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 17046 invoked from network); 26 Feb 2018 14:46:32 -0000
Received: from mail-co1nam03lp0016.outbound.protection.outlook.com (HELO NAM03-CO1-obe.outbound.protection.outlook.com) (216.32.181.16) by server-8.tower-220.messagelabs.com with AES256-GCM-SHA384 encrypted SMTP; 26 Feb 2018 14:46:32 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=k9GGCKJM/QqYt/k0ZXfiUxPnW/AGda0xTcAxKbPG1R8=; b=L+ys+rkIowEVCx8w/6Vi7U8RJIvzCatlafHAAJhM5kNLGHWY6aETGE3UNq48LyDfrKnSm6ZKTJGpkzpFbOGacWul90Rts8VMSV1U48slxrrj6wH1x++O+CQmjtPnkEFRx304JyshUOyr51FXI+6Fxi8zCS/qG1b4EdTmTegG9eE=
Received: from MWHPR14MB1376.namprd14.prod.outlook.com (10.173.232.139) by MWHPR14MB1678.namprd14.prod.outlook.com (10.171.146.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Mon, 26 Feb 2018 14:46:29 +0000
Received: from MWHPR14MB1376.namprd14.prod.outlook.com ([fe80::7929:3f48:4a4f:1e32]) by MWHPR14MB1376.namprd14.prod.outlook.com ([fe80::7929:3f48:4a4f:1e32%18]) with mapi id 15.20.0527.021; Mon, 26 Feb 2018 14:46:29 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: IETF Secretariat <ietf-secretariat-reply@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-hoffman-andrews-caa-simplification@ietf.org" <draft-hoffman-andrews-caa-simplification@ietf.org>
Thread-Topic: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
Thread-Index: AQHTraVorrf6N5rdb0qHBxrDXKeE/KO2wt9A
Date: Mon, 26 Feb 2018 14:46:29 +0000
Message-ID: <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com>
In-Reply-To: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [50.196.75.174]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR14MB1678; 7:OcEbp7GzKYFZ24ymwqm9RA7Q1G6klhAzG4CKTNOTYMqrENtwy0Nt8ZWcndA8S+kURO7omjU3INgz66QVQnMM6SgBI9TlkE70ewyGeDvHNKaN7jPBaTvLD2RNb+xzQXIe2uGpVhUjmdowT5qvWBaJhYL7N9JfrhVwI9/kRGmQTe5BMqF4d8WnZyWKAmAxQpk6F4WO/d2ti9KGIpwkAzeiRMhdEAHniUYLdMotvDlp5DtlB0hxTTyHCBpg4lmAgG29
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 14d2d560-dadc-4ad6-1b78-08d57d27b883
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(5600026)(4604075)(3008032)(2017052603307)(7153060)(49563074)(7193020); SRVR:MWHPR14MB1678; 
x-ms-traffictypediagnostic: MWHPR14MB1678:
x-microsoft-antispam-prvs: <MWHPR14MB167800E4E278686B52FDA2F183C10@MWHPR14MB1678.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040501)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501161)(52105095)(6041288)(2016111802025)(20161123560045)(20161123562045)(20161123564045)(20161123558120)(6043046)(6072148)(201708071742011); SRVR:MWHPR14MB1678; BCL:0; PCL:0; RULEID:; SRVR:MWHPR14MB1678; 
x-forefront-prvs: 05954A7C45
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39380400002)(39860400002)(346002)(366004)(396003)(376002)(13464003)(189003)(199004)(478600001)(316002)(2900100001)(6246003)(99936001)(7736002)(33656002)(2950100002)(3280700002)(14454004)(3660700001)(68736007)(53546011)(8936002)(6506007)(59450400001)(106356001)(76176011)(105586002)(102836004)(5660300001)(7696005)(186003)(26005)(66066001)(81156014)(74316002)(8676002)(305945005)(81166006)(53936002)(2201001)(2906002)(229853002)(6436002)(2501003)(5250100002)(6116002)(110136005)(3846002)(86362001)(966005)(97736004)(25786009)(99286004)(450100002)(9686003)(6306002)(55016002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR14MB1678; H:MWHPR14MB1376.namprd14.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: i+zb52cZrrdOMPLW62shVklfnnas+Z3qAC36k9HnqrhdhkdD8+9d/+fLeE2nOBNCd69zUWoKCx+U/jeuFCIDgKU5LDzZhVHF4d++VGt6DJprcfyXqGIMoaxSBlTB7moY9VnJXeVMzLMLuDTbp+ESL+EqePQT8uCev9nNn4VE68Q=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_00A0_01D3AED5.E8069950"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 14d2d560-dadc-4ad6-1b78-08d57d27b883
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2018 14:46:29.4339 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR14MB1678
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/kL4_tsdqWkC-vT32IafxdRsnj2g>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 14:46:44 -0000

------=_NextPart_000_00A0_01D3AED5.E8069950
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

This document contains many useful improvements.

On the subject of blocked queries and responses, the proposed text is
excellent.  It doesn't actually fix anything (just adds a SHOULD and some
informative text and guidance), but it does point out some of the challenges
in this area, and will be helpful in convincing the CA/B Forum that the
current BR CAA error handling requirements are impractical in the world as
it exists today, and need to be revised.  The policy discussion will be much
easier with the documented, specific examples of why the current failure
handling rules cause a lot of pain for people trying to get certificates.
Perhaps it would be worthwhile adding text to clarify that these sorts of
failure can prevent issuance of certificates, even for domains that don't
use and don't want to use CAA.  When CAA was originally being sold, it was
claimed that if people didn't want to use it, they wouldn't be affected, and
that has turned out to be very, very far from the truth.

The draft unfortunately prioritizes a few issues (the CNAME issues and
blocked queries), while ignoring some more critical issues, like the fact
that the RFC 6844 grammar contradicts the examples.  Corey had an excellent
proposed fix for this issue.  It should probably be incorporated.

-Tim

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of IETF Secretariat
> Sent: Saturday, February 24, 2018 12:27 PM
> To: spasm@ietf.org; lamps-chairs@ietf.org;
> draft-hoffman-andrews-caa-simplification@ietf.org
> Subject: [lamps] The LAMPS WG has placed
> draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
> 
> 
> The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state
> Candidate for WG Adoption (entered by Russ Housley)
> 
> The document is available at
> https://datatracker.ietf.org/doc/draft-hoffman-andrews-caa-simplification/
> 
> Comment:
> Should this document be adopted by the LAMPS WG as the starting point for
> rfc6844bis?

------=_NextPart_000_00A0_01D3AED5.E8069950--


From nobody Mon Feb 26 11:04:53 2018
Return-Path: <jsha@eff.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C56DE1270A7; Mon, 26 Feb 2018 11:04:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.011
X-Spam-Level: 
X-Spam-Status: No, score=-7.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eff.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1qReXS8c0XE4; Mon, 26 Feb 2018 11:04:51 -0800 (PST)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B96A01201FA; Mon, 26 Feb 2018 11:04:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version: Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=NFAsEBavpI6uXBDInKGUATnjAxSRYofAQSjtcztbAvA=; b=SwAAmoV1ocW/rF5wQuFGMMoaIG E+LFxJ5aXXdrHEx5Acok4ayEpKI5rkYROopnBbyPYt7XaUGQzWqfyVKzEGrBPB0jUIr2mPthxqwXc hrcBDN2OmOYkKvtlJ1cQ9YEzT7v2XWzkgqzkgIQv8T4+/czEXjW7jO3a7v4XsUpjytGQ=;
Received: ; Mon, 26 Feb 2018 11:04:50 -0800
To: Tim Hollebeek <tim.hollebeek@digicert.com>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-hoffman-andrews-caa-simplification@ietf.org" <draft-hoffman-andrews-caa-simplification@ietf.org>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org>
Date: Mon, 26 Feb 2018 11:04:50 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/svahIjlBABAx-7f2LLWqCeiW50U>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 19:04:53 -0000

On 02/26/2018 06:46 AM, Tim Hollebeek wrote:
> the RFC 6844 grammar contradicts the examples.  Corey had an excellent
> proposed fix for this issue.  It should probably be incorporated.
I tried to incorporate changes based on the thread Corey started, but
wound up deciding it was better to have something to adopt sooner rather
than later. Definitely happy to continue to work on those changes in
parallel with the call for adoption. Assuming the draft gets adopted as
a WG work product, it's easy enough to land the changes on the WG draft.


From nobody Mon Feb 26 13:01:57 2018
Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B959212711E; Mon, 26 Feb 2018 13:01:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level: 
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WwZWWNDAW-Ob; Mon, 26 Feb 2018 13:01:54 -0800 (PST)
Received: from mail1.bemta12.messagelabs.com (mail1.bemta12.messagelabs.com [216.82.251.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC6D012711A; Mon, 26 Feb 2018 13:01:53 -0800 (PST)
Received: from [216.82.251.38] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-12.bemta-12.messagelabs.com id 12/4B-09148-1C5749A5; Mon, 26 Feb 2018 21:01:53 +0000
X-Env-Sender: tim.hollebeek@digicert.com
X-Msg-Ref: server-16.tower-163.messagelabs.com!1519678912!152446813!1
X-Originating-IP: [216.32.180.48]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received: 
X-StarScan-Version: 9.9.13; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 130926 invoked from network); 26 Feb 2018 21:01:52 -0000
Received: from mail-by2nam03lp0048.outbound.protection.outlook.com (HELO NAM03-BY2-obe.outbound.protection.outlook.com) (216.32.180.48) by server-16.tower-163.messagelabs.com with AES256-SHA256 encrypted SMTP; 26 Feb 2018 21:01:52 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=FrdyTQKvQDwYvsCs/uOR76DnjoebvndTNZuwgIPowfw=; b=O8uJTOXEjJNEEVgGhv0aqXAbMmjT91/laRHtOYphDq7Kz5Sj8a/Pa0KTaHvkBUTS8g3Jsy+e7pnFDtTYcAPfOVN3HTgQSW/79pGbwfYaCqtZEQE1FvEf/IstdOb4GWTyc7V3yFZnEvItEHRnIfnZ0hzLwEI/27n5gt1sG9HdESA=
Received: from MWHPR14MB1376.namprd14.prod.outlook.com (10.173.232.139) by MWHPR14MB1456.namprd14.prod.outlook.com (10.173.233.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Mon, 26 Feb 2018 21:01:50 +0000
Received: from MWHPR14MB1376.namprd14.prod.outlook.com ([fe80::7929:3f48:4a4f:1e32]) by MWHPR14MB1376.namprd14.prod.outlook.com ([fe80::7929:3f48:4a4f:1e32%18]) with mapi id 15.20.0527.021; Mon, 26 Feb 2018 21:01:50 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-hoffman-andrews-caa-simplification@ietf.org" <draft-hoffman-andrews-caa-simplification@ietf.org>
Thread-Topic: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
Thread-Index: AQHTraVorrf6N5rdb0qHBxrDXKeE/KO2wt9AgABLMACAACAQ4A==
Date: Mon, 26 Feb 2018 21:01:50 +0000
Message-ID: <MWHPR14MB1376E403056436836E3F888283C10@MWHPR14MB1376.namprd14.prod.outlook.com>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com> <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org>
In-Reply-To: <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [50.196.75.174]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR14MB1456; 7:zbRMCsK9duGF2lxt3hVWXMsXyonDHKGRgMNLxqmPAqM5bi2DsZYfwBbR6Q/aSxFT7u3/yOnXA3KAaJPRN+S1xZneSKytO8x1qCuHYr1l8Az3M4Rh3mMl05djQXQkPBbWBWsAAeLqemrUWaL1m5XT5sHLy/TQoJRiA/2JcKsJQa1yz6uOI8uBj133RGHz7PAcCDfLUMxCZEgDGHyBWoFlD6+ESMNXLAHNzGIXjI/2Hf3PmAPk+2e50RnEFMFn/4Ek
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 096789ce-775b-4dde-4292-08d57d5c2822
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(7021125)(4534165)(7022125)(4603075)(4627221)(201702281549075)(7048125)(7024125)(7027125)(7028125)(7023125)(5600026)(4604075)(3008032)(2017052603307)(7153060)(49563074)(7193020); SRVR:MWHPR14MB1456; 
x-ms-traffictypediagnostic: MWHPR14MB1456:
x-microsoft-antispam-prvs: <MWHPR14MB14565C44B4301BD1071B228283C10@MWHPR14MB1456.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040501)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(10201501046)(3231220)(944501161)(52105095)(6041288)(20161123564045)(2016111802025)(20161123558120)(20161123562045)(20161123560045)(6043046)(6072148)(201708071742011); SRVR:MWHPR14MB1456; BCL:0; PCL:0; RULEID:; SRVR:MWHPR14MB1456; 
x-forefront-prvs: 05954A7C45
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(39380400002)(396003)(346002)(39860400002)(13464003)(189003)(199004)(186003)(5250100002)(106356001)(6506007)(6436002)(53546011)(7696005)(68736007)(8676002)(97736004)(478600001)(76176011)(6116002)(86362001)(81156014)(3280700002)(81166006)(2201001)(3660700001)(2906002)(8936002)(229853002)(6246003)(55016002)(53936002)(3846002)(99936001)(5660300001)(25786009)(74316002)(305945005)(7736002)(316002)(14454004)(110136005)(2950100002)(33656002)(2501003)(9686003)(102836004)(26005)(99286004)(2900100001)(66066001)(105586002)(19400905002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR14MB1456; H:MWHPR14MB1376.namprd14.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: edprh/d/DIavXdfMegien6ekje9LtQn4GEtlU/+/U7G8aMYNpY0RtsopVny7SzUcCy2yylC63eHAenD2FV6QC9XNzJh7YyNAykFJpr9diObxWUVY05akafOKLAaR2N/UIIJ5svxmgJiQJnbSLRsz2K44ma+a/w2ZINEEtPQeK0Q=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_0170_01D3AF0A.5771DCD0"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 096789ce-775b-4dde-4292-08d57d5c2822
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Feb 2018 21:01:50.5027 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR14MB1456
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/clH_4_MyR8Vp8yfb4Fu3OHxegvg>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 21:01:56 -0000

------=_NextPart_000_0170_01D3AF0A.5771DCD0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Ok.  I just want to make sure it gets in soon.  Having a grammar that's
incorrect is a pretty serious issue.  Corey and I can help support the
effort if that helps keep things moving.

I'd support getting RFC 6844bis out on an expedited timeline, since some of
the errors in RFC 6844 are so serious.  If we end up with an RFC6844bisbis
later, so be it.

-Tim

> -----Original Message-----
> From: Jacob Hoffman-Andrews [mailto:jsha@eff.org]
> Sent: Monday, February 26, 2018 12:05 PM
> To: Tim Hollebeek <tim.hollebeek@digicert.com>; IETF Secretariat
> <ietf-secretariat-reply@ietf.org>; spasm@ietf.org; lamps-chairs@ietf.org;
> draft-hoffman-andrews-caa-simplification@ietf.org
> Subject: Re: [lamps] The LAMPS WG has placed
> draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
> 
> On 02/26/2018 06:46 AM, Tim Hollebeek wrote:
> > the RFC 6844 grammar contradicts the examples.  Corey had an excellent
> > proposed fix for this issue.  It should probably be incorporated.
> I tried to incorporate changes based on the thread Corey started, but wound up
> deciding it was better to have something to adopt sooner rather than later.
> Definitely happy to continue to work on those changes in parallel with the call
> for adoption. Assuming the draft gets adopted as a WG work product, it's easy
> enough to land the changes on the WG draft.

------=_NextPart_000_0170_01D3AF0A.5771DCD0--


From nobody Tue Feb 27 12:20:30 2018
Return-Path: <CBonnell@trustwave.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04557126FDC; Tue, 27 Feb 2018 12:20:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level: 
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxJt7TajeLX5; Tue, 27 Feb 2018 12:20:26 -0800 (PST)
Received: from seg-node-elk-02.trustwave.com (seg-node-elk-02.trustwave.com [204.13.202.188]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F3FE1201FA; Tue, 27 Feb 2018 12:20:26 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (Not Verified[216.32.180.54]) by seg-node-elk-02.trustwave.com with Trustwave SEG (v8, 0, 6, 10676) (using TLS: TLSv1.2, AES256-SHA256) id <B5a95bd860001>; Tue, 27 Feb 2018 14:20:23 -0600
Received: from CY4PR07MB3575.namprd07.prod.outlook.com (10.171.253.14) by CY4PR07MB3208.namprd07.prod.outlook.com (10.172.115.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.527.15; Tue, 27 Feb 2018 20:20:19 +0000
Received: from CY4PR07MB3575.namprd07.prod.outlook.com ([fe80::9993:ac58:1046:e047]) by CY4PR07MB3575.namprd07.prod.outlook.com ([fe80::9993:ac58:1046:e047%13]) with mapi id 15.20.0527.021; Tue, 27 Feb 2018 20:20:19 +0000
From: Corey Bonnell <CBonnell@trustwave.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, IETF Secretariat <ietf-secretariat-reply@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "draft-hoffman-andrews-caa-simplification@ietf.org" <draft-hoffman-andrews-caa-simplification@ietf.org>
Thread-Topic: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
Thread-Index: AQHTraVoHn8WdZxpn0O7x51qlIqxJKO2xeCAgABILwCAAVOZAA==
Date: Tue, 27 Feb 2018 20:20:19 +0000
Message-ID: <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com> <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org>
In-Reply-To: <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=CBonnell@trustwave.com; 
x-originating-ip: [50.243.167.1]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR07MB3208; 7:4CANpNlwlJz5UbPtcvmFyHimNRXLCjRkCw+hvpM+Pwgq+5sirzY9JwrWYm5FGDaM9khx0wZhD/ZQaHwnjzecAJVOdZIRC9+WSnCcoLU8FBV7IFpCBvmWstvBbZDSMw6MaQWzK80qLRrbcqRbTnnpPcnpUH3Dx5ibFr85EAMrkb7Lm0M0qW2NKr5vB479cB2qy7fjBsT3hBYxwiZjFdHtJq1opCikgUKWXUmF6Q5iyb/EtZ0KsZAwA8a0Q3KNPBHg
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: f87d75d2-1997-4b17-367c-08d57e1f85a0
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:CY4PR07MB3208; 
x-ms-traffictypediagnostic: CY4PR07MB3208:
x-microsoft-antispam-prvs: <CY4PR07MB320842355220B37B7EBB44FACFC00@CY4PR07MB3208.namprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(232896897485771);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231220)(944501161)(3002001)(6041288)(20161123560045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:CY4PR07MB3208; BCL:0; PCL:0; RULEID:; SRVR:CY4PR07MB3208; 
x-forefront-prvs: 05961EBAFC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(346002)(376002)(39380400002)(366004)(189003)(199004)(2950100002)(6116002)(2906002)(82746002)(80792005)(99286004)(105586002)(81166006)(81156014)(33656002)(229853002)(8936002)(305945005)(478600001)(97736004)(3660700001)(6512007)(6306002)(3846002)(6246003)(2900100001)(3280700002)(7736002)(53936002)(8676002)(6436002)(83716003)(6506007)(26005)(186003)(53546011)(76176011)(66066001)(36756003)(102836004)(2201001)(86362001)(6486002)(106356001)(14454004)(5250100002)(25786009)(316002)(966005)(2501003)(110136005)(72206003)(68736007)(5660300001)(19400905002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR07MB3208; H:CY4PR07MB3575.namprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords;  MX:1; A:1; LANG:en; 
received-spf: None (protection.outlook.com: trustwave.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: /HUZiiv3CuBfoKyE7F/WAGIZnHKJnzCHp1HWpeNPAx01OZKAngQt8fRFXK90xRs1p2IVZ8ZgF0l/OUPURqqsA7sKl+YvXlTsJcYaOYYxqlUcbjkRsVStgENyvD1f1IDmR8rmNoo8wS/n8pF7ps+JkDlcQ4JRLKm/7a//XjzzxYg=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <BA23157B2FB08D478B2AE68CFE419C56@namprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: trustwave.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f87d75d2-1997-4b17-367c-08d57e1f85a0
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2018 20:20:19.1717 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cb1dab68-a067-4b6b-ae7e-c012e8c33f6a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR07MB3208
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/c6pHCdZ_Oh0r4JFE6-MT3WZ9xPg>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 20:20:29 -0000

From nobody Tue Feb 27 13:07:11 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 282C512D957 for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 13:07:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5uQ5pN3yq1l6 for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 13:07:08 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF9FD12D88E for <spasm@ietf.org>; Tue, 27 Feb 2018 13:07:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 8FAAB30056B for <spasm@ietf.org>; Tue, 27 Feb 2018 16:07:06 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id F-kkaiL17pSI for <spasm@ietf.org>; Tue, 27 Feb 2018 16:07:04 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 439573004BD; Tue, 27 Feb 2018 16:07:04 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <2EF3E1C2-EFBA-440F-BEF1-4CECDCFD7CDD@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_11E7C575-B089-4899-9E11-3E6FC55DB439"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 27 Feb 2018 16:07:05 -0500
In-Reply-To: <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
Cc: Jacob Hoffman-Andrews <jsha@eff.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, "spasm@ietf.org" <spasm@ietf.org>
To: Corey Bonnell <CBonnell@trustwave.com>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com> <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org> <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7okWseSwzUHVYkztQMwGGrENhok>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 21:07:10 -0000

--Apple-Mail=_11E7C575-B089-4899-9E11-3E6FC55DB439
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Playing with BAP (on tools.ietf.org <http://tools.ietf.org/>) I see a few improvements in the ABNF.
I did not try to change the syntax in any way.

Russ

= = = = = =

issuevalue = *WSP [domain] *WSP [";" *WSP [parameters *WSP]]

domain = label *("." label)
label = (ALPHA / DIGIT) *( *"-" (ALPHA / DIGIT))

parameters = parameter *WSP ";" *WSP parameters / parameter
parameter = tag *WSP "=" *WSP value
tag = (ALPHA / DIGIT) *( *"-" (ALPHA / DIGIT))
value = *(%x21-3A / %x3C-7E)

> On Feb 27, 2018, at 3:20 PM, Corey Bonnell <CBonnell@trustwave.com> wrote:
>
> Hi Jacob,
> I have a few minor changes I'd like to make to the grammar I proposed a few months ago, namely to add support for whitespace surrounding the equals sign in parameter tag/value pairs as well as to allow for hyphens to appear in parameter tags (this is necessary to support the parameter names proposed in https://tools.ietf.org/html/draft-ietf-acme-caa-03):
>
> issuevalue = *WSP [domain] *WSP [";" *WSP [parameters] *WSP]
>
> domain = label *("." label)
> label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
>
> parameters = (parameter *WSP “;” *WSP parameters) / parameter
> parameter = tag *WSP "=" *WSP value
> tag = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
> value = *(%x21-3A / %x3C-7E)
>
> I used the same production rule value for "tag" that currently exists for "label" to allow for hyphens in the parameter tag, but didn't combine them so that we can continue to use the descriptive rule names of "tag" and "label" as opposed to something potentially confusing like "tag-or-label".
>
> For the purposes of getting this incorporated into RFC 6844-bis (or RFC 6844-bis-bis), should I create an erratum, or is this email sufficient?
>
> Thanks,
> Corey
>
>
> On 2/26/18, 2:04 PM, "Spasm on behalf of Jacob Hoffman-Andrews" <spasm-bounces@ietf.org on behalf of jsha@eff.org> wrote:
>
>    On 02/26/2018 06:46 AM, Tim Hollebeek wrote:
>> the RFC 6844 grammar contradicts the examples.  Corey had an excellent
>> proposed fix for this issue.  It should probably be incorporated.
>    I tried to incorporate changes based on the thread Corey started, but
>    wound up deciding it was better to have something to adopt sooner rather
>    than later. Definitely happy to continue to work on those changes in
>    parallel with the call for adoption. Assuming the draft gets adopted as
>    a WG work product, it's easy enough to land the changes on the WG draft.
>
>    _______________________________________________
>    Spasm mailing list
>    Spasm@ietf.org
>    https://scanmail.trustwave.com/?c=4062&d=2NqU2pDGsMarVBeRjdNh5mhb8N_iwA-esZb_hxFN5Q&s=5&u=https%3a%2f%2fwww%2eietf%2eorg%2fmailman%2flistinfo%2fspasm
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm


--Apple-Mail=_11E7C575-B089-4899-9E11-3E6FC55DB439--


From nobody Tue Feb 27 13:17:13 2018
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4DEF12D9FE for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 13:17:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e8kukQcoMi5j for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 13:17:06 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B91B12DA00 for <spasm@ietf.org>; Tue, 27 Feb 2018 13:17:06 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 6DDDB3005A4 for <spasm@ietf.org>; Tue, 27 Feb 2018 16:17:04 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ZSdwPq77N0el for <spasm@ietf.org>; Tue, 27 Feb 2018 16:17:02 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id EC8413004BD; Tue, 27 Feb 2018 16:17:01 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <E97951A1-CA6D-4414-B239-0BE3F5DAA143@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_657333D9-96FC-43B4-8E77-15EE3FE2D166"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 27 Feb 2018 16:17:02 -0500
In-Reply-To: <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
Cc: Jacob Hoffman-Andrews <jsha@eff.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, "spasm@ietf.org" <spasm@ietf.org>
To: Corey Bonnell <CBonnell@trustwave.com>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com> <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org> <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DHkX-6IlY1hQK8f6VXJOhE_aCQc>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 21:17:11 -0000

--Apple-Mail=_657333D9-96FC-43B4-8E77-15EE3FE2D166
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Many years ago, Tony Finch offered a slightly different ABNF definition for domain:

https://www.ietf.org/mail-archive/web/ietf-smtp/current/msg01490.html <https://www.ietf.org/mail-archive/web/ietf-smtp/current/msg01490.html>

Russ

> On Feb 27, 2018, at 3:20 PM, Corey Bonnell <CBonnell@trustwave.com> wrote:
>
> Hi Jacob,
> I have a few minor changes I'd like to make to the grammar I proposed a few months ago, namely to add support for whitespace surrounding the equals sign in parameter tag/value pairs as well as to allow for hyphens to appear in parameter tags (this is necessary to support the parameter names proposed in https://tools.ietf.org/html/draft-ietf-acme-caa-03):
>
> issuevalue = *WSP [domain] *WSP [";" *WSP [parameters] *WSP]
>
> domain = label *("." label)
> label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
>
> parameters = (parameter *WSP “;” *WSP parameters) / parameter
> parameter = tag *WSP "=" *WSP value
> tag = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
> value = *(%x21-3A / %x3C-7E)
>
> I used the same production rule value for "tag" that currently exists for "label" to allow for hyphens in the parameter tag, but didn't combine them so that we can continue to use the descriptive rule names of "tag" and "label" as opposed to something potentially confusing like "tag-or-label".
>
> For the purposes of getting this incorporated into RFC 6844-bis (or RFC 6844-bis-bis), should I create an erratum, or is this email sufficient?
>
> Thanks,
> Corey
>
>
> On 2/26/18, 2:04 PM, "Spasm on behalf of Jacob Hoffman-Andrews" <spasm-bounces@ietf.org on behalf of jsha@eff.org> wrote:
>
>    On 02/26/2018 06:46 AM, Tim Hollebeek wrote:
>> the RFC 6844 grammar contradicts the examples.  Corey had an excellent
>> proposed fix for this issue.  It should probably be incorporated.
>    I tried to incorporate changes based on the thread Corey started, but
>    wound up deciding it was better to have something to adopt sooner rather
>    than later. Definitely happy to continue to work on those changes in
>    parallel with the call for adoption. Assuming the draft gets adopted as
>    a WG work product, it's easy enough to land the changes on the WG draft.
>
>    _______________________________________________
>    Spasm mailing list
>    Spasm@ietf.org
>    https://scanmail.trustwave.com/?c=4062&d=2NqU2pDGsMarVBeRjdNh5mhb8N_iwA-esZb_hxFN5Q&s=5&u=https%3a%2f%2fwww%2eietf%2eorg%2fmailman%2flistinfo%2fspasm
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm


--Apple-Mail=_657333D9-96FC-43B4-8E77-15EE3FE2D166--


From nobody Tue Feb 27 14:59:33 2018
Return-Path: <jsha@eff.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD6B12E8C3 for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 14:59:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.01
X-Spam-Level: 
X-Spam-Status: No, score=-7.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eff.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dD_oZj4jozpT for <spasm@ietfa.amsl.com>; Tue, 27 Feb 2018 14:59:30 -0800 (PST)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A70DB12E8C2 for <spasm@ietf.org>; Tue, 27 Feb 2018 14:59:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version: Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=aIWfGq9FF68NyMpaPtULdqM9yChf5vGKyuE0dw6IhvQ=; b=IbszbyVF0ceb4t6rjhixAHh6dZ +9F8qAmSVoQpc4ftKrb2CvT0rsn2YxKecha2FaKMPQZ3ZSSwv/tbxBaPZP3hpYhpIG5UoiusXGHOa khym3QFQ6pYTqolT8eE3ftNbvSuEMhamP0OuRIJjQOiQ5FK3/Q/WVxGj9qR9AUehSFW0=;
Received: ; Tue, 27 Feb 2018 14:59:29 -0800
To: Corey Bonnell <CBonnell@trustwave.com>, Tim Hollebeek <tim.hollebeek@digicert.com>, "spasm@ietf.org" <spasm@ietf.org>
References: <151950039671.13803.5548300357689455000.idtracker@ietfa.amsl.com> <MWHPR14MB1376ABAA3A2ADE2383B90BF283C10@MWHPR14MB1376.namprd14.prod.outlook.com> <bb6b0378-2d5d-f0f1-4070-b8c506d4ec86@eff.org> <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
From: Jacob Hoffman-Andrews <jsha@eff.org>
Message-ID: <398b4cb4-4a58-c134-c08f-03589f0639e6@eff.org>
Date: Tue, 27 Feb 2018 14:59:29 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <7D9F4BE0-4760-4191-846F-3DA8511C9F03@trustwave.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/b4BkPQ5wxPYddo1fqRSKhw7pfMQ>
Subject: Re: [lamps] The LAMPS WG has placed draft-hoffman-andrews-caa-simplification in state "Candidate for WG Adoption"
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 22:59:32 -0000

On 02/27/2018 12:20 PM, Corey Bonnell wrote:
> Hi Jacob,
> I have a few minor changes I'd like to make to the grammar I proposed a few months ago, namely to add support for whitespace surrounding the equals sign in parameter tag/value pairs as well as to allow for hyphens to appear in parameter tags (this is necessary to support the parameter names proposed in https://tools.ietf.org/html/draft-ietf-acme-caa-03):
>
> issuevalue = *WSP [domain] *WSP [";" *WSP [parameters] *WSP]
>
> domain = label *("." label)
> label = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
>
> parameters = (parameter *WSP “;” *WSP parameters) / parameter
> parameter = tag *WSP "=" *WSP value
> tag = (ALPHA / DIGIT) *( *("-") (ALPHA / DIGIT))
> value = *(%x21-3A / %x3C-7E)
>
> I used the same production rule value for "tag" that currently exists for "label" to allow for hyphens in the parameter tag, but didn't combine them so that we can continue to use the descriptive rule names of "tag" and "label" as opposed to something potentially confusing like "tag-or-label".
>
> For the purposes of getting this incorporated into RFC 6844-bis (or RFC 6844-bis-bis), should I create an erratum, or is this email sufficient?
This email is sufficient, thanks.
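
Added example (not part of any message in this thread, and not code from the draft authors): a small hand-written parser for the issuevalue ABNF as restated in Russ Housley's message earlier in this thread, showing which CAA issue values the grammar accepts and rejects. The function names and every sample string are constructed for illustration.

```python
import string

WSP = " \t"                                   # ABNF WSP = SP / HTAB
ALNUM = string.ascii_letters + string.digits  # ABNF ALPHA / DIGIT


class IssueValueError(ValueError):
    """Input does not match the issuevalue production."""


def _skip_wsp(s, i):
    while i < len(s) and s[i] in WSP:
        i += 1
    return i


def _hyphenated(s, i):
    """Match (ALPHA / DIGIT) *( *"-" (ALPHA / DIGIT)), shared by label and tag.

    Returns the end offset, or i unchanged when nothing matches. Hyphens are
    consumed only when an alphanumeric follows, so a trailing "-" is left over.
    """
    if i >= len(s) or s[i] not in ALNUM:
        return i
    i += 1
    while True:
        j = i
        while j < len(s) and s[j] == "-":
            j += 1
        if j < len(s) and s[j] in ALNUM:
            i = j + 1
        else:
            return i


def _domain(s, i):
    """Match label *("." label); returns end offset, or i when absent."""
    end = _hyphenated(s, i)
    while end > i and end < len(s) and s[end] == ".":
        nxt = _hyphenated(s, end + 1)
        if nxt == end + 1:        # "." not followed by a label
            break
        end = nxt
    return end


def parse_issuevalue(s):
    """Return (domain or None, [(tag, value), ...]) or raise IssueValueError."""
    i = _skip_wsp(s, 0)
    end = _domain(s, i)
    domain = s[i:end] or None
    i = _skip_wsp(s, end)
    params = []
    if i < len(s) and s[i] == ";":
        i = _skip_wsp(s, i + 1)
        while i < len(s):         # [parameters *WSP]
            t_end = _hyphenated(s, i)
            if t_end == i:
                raise IssueValueError(f"expected tag at offset {i}")
            tag = s[i:t_end]
            i = _skip_wsp(s, t_end)
            if i >= len(s) or s[i] != "=":
                raise IssueValueError(f'expected "=" at offset {i}')
            i = v_start = _skip_wsp(s, i + 1)
            # value = *(%x21-3A / %x3C-7E): printable ASCII except ";" and SP
            while i < len(s) and 0x21 <= ord(s[i]) <= 0x7E and s[i] != ";":
                i += 1
            params.append((tag, s[v_start:i]))
            i = _skip_wsp(s, i)
            if i < len(s) and s[i] == ";":
                i = _skip_wsp(s, i + 1)
                if i == len(s):   # ";" after a parameter needs another one
                    raise IssueValueError("trailing ';' after parameter")
                continue
            break
    if i != len(s):
        raise IssueValueError(f"unexpected {s[i]!r} at offset {i}")
    return domain, params


def is_valid(s):
    try:
        parse_issuevalue(s)
        return True
    except IssueValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not taken from any real CAA record.
    for sample in ["ca.example", ";", " ca.example ; example-tag = v1",
                   "ca.example; a=b;", "ca-.example"]:
        print(repr(sample), "->", is_valid(sample))
```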


From nobody Tue Feb 27 15:16:14 2018
Return-Path: <agenda@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DADD12EAE5; Tue, 27 Feb 2018 15:11:15 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "\"IETF Secretariat\"" <agenda@ietf.org>
To: <lamps-chairs@ietf.org>, <housley@vigilsec.com>
Cc: spasm@ietf.org, ekr@rtfm.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.73.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151977307557.5200.8508186352104446921.idtracker@ietfa.amsl.com>
Date: Tue, 27 Feb 2018 15:11:15 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ALsmhYe9xt-jGPr1EN1dji6jZ4A>
Subject: [lamps] lamps - Requested session has been scheduled for IETF 101
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 23:11:20 -0000

Dear Russ Housley,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 

lamps Session 1 (1:00:00)
    Friday, Afternoon Session I 1150-1320
    Room Name: Richmond/Chelsea/Tower size: 75
    ---------------------------------------------
    


Request Information:


---------------------------------------------------------
Working Group Name: Limited Additional Mechanisms for PKIX and SMIME
Area Name: Security Area
Session Requester: Russ Housley

Number of Sessions: 1
Length of Session(s):  1 Hour
Number of Attendees: 50
Conflicts to Avoid: 
 First Priority: suit curdle quic perc saag sidrops sipbrandy tls ipwave stir acme ace rtcweb lamps
 Second Priority: cfrg dprive ecrit oauth sacm mile modern radext
 Third Priority: mtgvenue iasa20


People who must be present:
  Russ Housley
  Eric Rescorla
  Sean Turner
  Jim Schaad

Resources Requested:

Special Requests:
  
---------------------------------------------------------

