+1 for adoption @Russ there's some discussion about comparison with proxy certs in the current draft.
Subodh ________________________________ From: TLS <[email protected]> on behalf of Russ Housley <[email protected]> Sent: Wednesday, April 12, 2017 2:37:28 PM To: IETF TLS; IETF LURK Subject: Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner <[email protected]<mailto:[email protected]>> wrote: All, At our IETF 98 session, there was support in the room to adopt draft-rescorla-tls-subcerts [0]. We need to confirm this support on the list so please let the list know whether you support adoption of the draft and are willing to review/comment on the draft before 20170429. If you object to its adoption, please let us know why. Clearly, the WG is going to need to work through the trade-offs between short-lived certificates and sub-certs because both seem, to some, to be addressing the same problem. Cheers, J&S [0] https://datatracker.ietf.org/doc/html/draft-rescorla-tls-subcerts<https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_html_draft-2Drescorla-2Dtls-2Dsubcerts&d=DwMCAg&c=5VD0RTtNlTh3ycd41b3MUw&r=h3Ju9EBS7mHtwg-wAyN7fQ&m=osJAxjy_1uCu6fnGyX7xCq81BrisoC5B5ydK5vt3LCQ&s=GjhbUQ8zTz6yOY8b4PbBzUBVpAIbzU9Gi-fqPLvnPUc&e=> I want to see a solution to this problem, but I think we should look at RFC 3820, X.509 Proxy Certificate Profile. I know that this was implemented, but I do not know if it is still in use. Russ
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
