Thanks Tom..

From: Tom Jones <thomasclinganjones@gmail.com>
Sent: Friday, December 6, 2024 2:02 PM
To: Salvatore D'Agostino <sal@idmachines.com>
Cc: wg-ancr@kantarainitiative.org; pemc kantara <wg-pemc@kantarainitiative.org>; wg-riup <wg-riup@kantarainitiative.org>; dg-deepfakesidv@kantarainitiative.org
Subject: Re: [WG-PEMC] FW: Certificate usage

I have been trying to enable MTLS (that's what it's traditionally been called) for at least 25 years. It's harder than it looks primarily because the user won't tolerate it. Perhaps with an AI user agent it will work. That's where I am putting my effort today.

thx ..Tom (mobile)

On Fri, Dec 6, 2024, 10:51 AM Salvatore D'Agostino <sal@idmachines.com> wrote:

Yes, interesting, passing along. Thanks Dan.

Building on TLS 1.3 for client/server makes a lot of sense.

Here is the technical article referenced in the blog post.

1063.pdf <https://eprint.iacr.org/2023/1063.pdf>

The record layer effectively uses a receipt.

From: Daniel Schleifer <dan@idmachines.com>
Sent: Friday, December 6, 2024 1:00 PM
To: Salvatore D'Agostino <sal@idmachines.com>
Subject: Certificate usage

Hi Sal,

I saw this article and thought it was interesting.

https://brave.com/blog/distefano/

_______________________________________________
A Community Group mailing list of KantaraInitiative.org
Wg-pemc mailing list -- wg-pemc@kantarainitiative.org
To unsubscribe send an email to staff@kantarainitiative.org
List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/wg-pemc@kantarainitiat...
______
Group wiki -- https://kantara.atlassian.net/wiki/spaces/Wg-pemc