Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-22 Thread Fossati, Thomas (Nokia - GB/Cambridge, UK)
I've read draft-rescorla-tls-subcerts-01 and have a few comments. It's a well-written document and the low-level mechanics look ok. However, I think I have a couple of issues with the overall design. First: it is not self-sufficient. The fact that clients must opt-in implies that servers must

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-19 Thread Daniel Migault
Hi, I am in favor of adoption of the draft. This is an important issue we need to address. Yours, Daniel On Wed, Apr 12, 2017 at 3:31 PM, Sean Turner wrote: > All, > > At our IETF 98 session, there was support in the room to adopt > draft-rescorla-tls-subcerts [0]. We need to

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-14 Thread Peter Gutmann
Russ Housley writes: >I want to see a solution to this problem, but I think we should look at RFC >3820, X.509 Proxy Certificate Profile.  I know that this was implemented, but >I do not know if it is still in use. It's fairly heavily used in grid computing.  It would

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-13 Thread Russ Housley
Subodh: > > @Russ there's some discussion about comparison with proxy certs in the > current draft. > Yes, I saw the list of bullets in Section 5. I think that a TLS-specific delegation is a good idea, but I do not agree with all of the points into bullets. That said, we should not be

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-12 Thread Subodh Iyengar
S; IETF LURK Subject: Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner <s...@sn3rd.com> wrote: All, At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-12 Thread Russ Housley
On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner wrote: All, At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts [0]. We need to confirm this support on the list so please let the list know whether you support

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-12 Thread Melinda Shore
On 4/12/17 11:31 AM, Sean Turner wrote: > At our IETF 98 session, there was support in the room to adopt > draft-rescorla-tls-subcerts [0]. We need to confirm this support on > the list so please let the list know whether you support adoption of > the draft and are willing to review/comment on

Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts

2017-04-12 Thread Eric Rescorla
Unsurprisingly, I favor adopting this draft. -Ekr On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner wrote: > All, > > At our IETF 98 session, there was support in the room to adopt > draft-rescorla-tls-subcerts [0]. We need to confirm this support on the > list so please let the