ietf-wg-drip / draft-ietf-drip-registries


8.1.1. DET Resource Record -- DET TYPE #41

Closed rgmhtt closed 7 months ago

rgmhtt commented 8 months ago

Per discussions with the C509 team, I hold this needs to be a numeric value and needs to be in a DRIP registry defined in the IANA section of this doc. DRIP-DKI will reference this library as will DRIP-A2X use of C509. The proposed Type values are:

2 - Authentication CA DET

1 - Issuer CA DET

0 - EE DET

This needs to be expanded in new 8.1.1.1 (pushing current to .2) and in IANA Considerations.

kc2rxo commented 8 months ago

Is this effectively the TYPE field of the DET RR just used in another place?


73, Adam T. Wiethuechter Software Engineer; AX Enterprize, LLC


From: Bob
Sent: Friday, October 20, 2023 8:44 AM
To: ietf-wg-drip/draft-ietf-drip-registries
Cc: Subscribed
Subject: [ietf-wg-drip/draft-ietf-drip-registries] 8.1.1. DET Resource Record -- DET TYPE (Issue #41)


rgmhtt commented 8 months ago

The TYPE field is IN the DET RR because we discussed what I had worked out in drip-dki that we HAVE to be clear what is the usage of the DET.

Thus it is defined in drip-registries and impacts the RR and IANA considerations.

Then in drip-dki I show the Endorsements and such and the x.509 and c509 certs using them.

It is what I am doing with c509 that pushed TYPE to be numeric, not alpha.

In X.509 there is no DN sub-object of type byte-string for use in subjectName. You CAN use ipAddress, type byte-string, in altSubjectName, but that does not help, so it was not mattering when I was working out the X.509 content.

But in c509, we are not limited to X.509 OIDs, IF the value content is all numeric, encode it byte-string! and save on transmission size. So that is what we are doing and why I want TYPE to be numeric.

All that said, yes. registries defines TYPE for inclusion in the DET RR. This is used elsewhere. But not really so much, as it relates to the DIME's DET.

kc2rxo commented 8 months ago

That makes sense, I just wanted to be sure we were talking about the same field.

I agree it should be numeric and these are fine allocations to start with.


73, Adam T. Wiethuechter Software Engineer; AX Enterprize, LLC


From: Bob
Sent: Saturday, October 21, 2023 9:50 PM
To: ietf-wg-drip/draft-ietf-drip-registries
Cc: Adam Wiethuechter; Comment
Subject: Re: [ietf-wg-drip/draft-ietf-drip-registries] 8.1.1. DET Resource Record -- DET TYPE (Issue #41)


kc2rxo commented 8 months ago

Bob,

Looking at the latest DKI (-09) I see three DET types defined: Authorization, Issuing and Operational.

I assume that EE maps to Operational here, but is there an expansion for EE to be used in the document? I planned to pull in description of them from DKI Section 1 if they are direct mappings.

kc2rxo commented 8 months ago

I have made a number of changes in commit e3ffd6728ce859435971c42cd925bcc0f2f03149 around the DET RR and our current thinking along with starting the IANA registries around the Type and Status fields.