Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-06-03 Thread Nick Sullivan
standard for server/origin >> recertification, etc. >> >> >> >> *From: *Joseph Salowey >> *Date: *Monday, June 1, 2020 at 12:53 AM >> *To: *"t...@ietf..org " >> *Subject: *Re: [TLS] Working group last call for >> draft-ietf-t

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-06-03 Thread Russ Housley
> From: Joseph Salowey mailto:j...@salowey.net>> > Date: Monday, June 1, 2020 at 12:53 AM > To: "t...@ietf..org <mailto:tls@ietf.org>" <mailto:tls@ietf.org>> > Subject: Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07 > > > > Remi

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-06-03 Thread Nick Sullivan
*"tls@ietf.org" > *Subject: *Re: [TLS] Working group last call for > draft-ietf-tls-subcerts-07 > > > > Reminder: the last call expires this week. > > > > On Mon, May 18, 2020 at 12:56 PM Joseph Salowey wrote: > > This is the Working Group Last Call f

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-06-01 Thread Salz, Rich
I reread this and support it. We are looking at implementation. We’re curious if anyone is working on a standard for server/origin recertification, etc. From: Joseph Salowey Date: Monday, June 1, 2020 at 12:53 AM To: "tls@ietf.org" Subject: Re: [TLS] Working group last call for draf

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-31 Thread Martin Thomson
I've reviewed it, it's mostly fine. I wonder how much more needs to be said about expiration dates and allowance for clock skew. We haven't had any trouble with the mechanism proposed here (to my knowledge), but we've had plenty of trouble with ESNI deployment. Maybe the design here is suffic

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-31 Thread Joseph Salowey
Reminder: the last call expires this week. On Mon, May 18, 2020 at 12:56 PM Joseph Salowey wrote: > This is the Working Group Last Call for "Delegated Credentials for TLS" > available at https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/. > Please review the document and respond to the li

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-22 Thread Salz, Rich
>One of the hard requirements for our deployment was that the same certificate be usable with DCs and without. A different EKU would be more problematic than an extension for this purpose That's a good point, and I accept Ryan's comments about EKU deployment.

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-22 Thread Watson Ladd
On Thu, May 21, 2020 at 11:23 AM Ryan Sleevi wrote >> >> I am aware of the "fight" about EKU chaining. I have a view, but I did not >> really want to drag subcerts into that controversy. > > > Sure, but unfortunately, the design of DC/subcerts is a direct result of that > running code. One of

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-21 Thread Ryan Sleevi
On Thu, May 21, 2020 at 10:51 AM Russ Housley wrote: > > > On May 21, 2020, at 10:12 AM, Ryan Sleevi wrote: > > > On Wed, May 20, 2020 at 6:40 PM Russ Housley wrote: > >> MINOR >> >> Section 1 also says: >> >>Because the above problems do not relate to the CA's inherent >>function of va

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-21 Thread Russ Housley
> On May 21, 2020, at 10:12 AM, Ryan Sleevi wrote: > > > On Wed, May 20, 2020 at 6:40 PM Russ Housley > wrote: > MINOR > > Section 1 also says: > >Because the above problems do not relate to the CA's inherent >function of validating possession of names,

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-21 Thread Salz, Rich
* While I have no objection to the DelegationUsage extension, I wonder if an extended key usage would provide the same confidence in the certificate. FWIW, a new extendedKeyUsage value would be easier to add into OpenSSL, and I’m looking at adding this there (sic). _

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-21 Thread Ryan Sleevi
On Wed, May 20, 2020 at 6:40 PM Russ Housley wrote: > MINOR > > Section 1 also says: > >Because the above problems do not relate to the CA's inherent >function of validating possession of names, > > The CA is responsible for confirming that the public key in the > certificate corresp

Re: [TLS] Working group last call for draft-ietf-tls-subcerts-07

2020-05-20 Thread Russ Housley
> This is the Working Group Last Call for "Delegated Credentials for TLS" > available at https://datatracker.ietf.org/doc/draft-ietf-tls-subcerts/ > . Please review > the document and respond to the list with any comments by June 2, 202