Re: [100attendees] Side Meeting on considerations on using short-term certificates.

Yoav Nir <ynir.ietf@gmail.com> Tue, 14 November 2017 02:56 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <420C6588-FF11-46E2-8D61-68316012AAB8@gmail.com>
Date: Tue, 14 Nov 2017 10:56:13 +0800
In-Reply-To: <CAMb9nTsFiBmbMKL+_JqL3JAzZPi78jVEejxAu6jd-nYU1ArwQg@mail.gmail.com>
Cc: 100attendees@ietf.org
To: Ori Finkelman <orif@qwilt.com>
References: <7AEE0333-EF1B-49CF-A9D6-88D0A491C541@gmail.com> <CAMb9nTsFiBmbMKL+_JqL3JAzZPi78jVEejxAu6jd-nYU1ArwQg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/100attendees/fxdLTI42qjku9pf1f3YfV2V63rY>
Subject: Re: [100attendees] Side Meeting on considerations on using short-term certificates.
List-Id: "Mailing list of IETF 100 attendees that have opted in on this list." <100attendees.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/100attendees/>

Thanks.  My co-authors are also the authors of the ACME STAR draft that is somewhat about the delegation case.

> On 14 Nov 2017, at 10:29, Ori Finkelman <orif@qwilt.com> wrote:
> 
> Hi Yoav,
> Unfortunately it collides with CDNI session.
> It would be good to consider the work done in CDNI and specifically https://tools.ietf.org/html/draft-fieau-cdni-https-delegation-02#section-5 where the use of STAR is considered.
> Also, a specific use case would be the delegation of traffic from a commercial CDN to an ISP CDN, in which case the domain and certs still belong to the content provider.
> So there may be a short term certs relationship between the content provider and their CDN and then to the ISP.
> 
> Ori
> 
> 
> On Mon, Nov 13, 2017 at 10:45 AM, Yoav Nir <ynir.ietf@gmail.com <mailto:ynir.ietf@gmail.com>> wrote:
> Hi, all
> 
> In recent years there’s been growing interest in short-term automatically-renewed (STAR) certificates.  The idea is to renew certificates often and forego revocation checking.
> 
> ACME has a draft for such certificates, and STIR has a candidate among others.
> 
> STAR certificates have somewhat different operational and security properties compared to regular PKI.  I’ve tried to document some of them in a draft:
> https://tools.ietf.org/html/draft-nir-saag-star-00
> This draft is in a very initial state, and I’m looking for input about this.
> 
> I’ve reserved the Hullet room on Thursday at 18:00.  Anyone who’s interested is invited.
> 
> Hope to see you there
> 
> Yoav
> 
> --
> Ori Finkelman
> Qwilt | Work: +972-72-2221647 | Mobile: +972-52-3832189 | orif@qwilt.com
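The thread's core point is that a short-term automatically-renewed certificate trades revocation checking for a bounded lifetime: the relying party skips CRL/OCSP, and the holder's renewal cadence plus the remaining validity period become the only things limiting damage after a key compromise. The following Python sketch is an added illustration of those two rules side by side; it is not code from either draft, and the policy numbers (a 7-day cut-off for "short-term", renewal at half the lifetime) and the sample validity windows are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy knobs. These values are assumptions for this example, not numbers from
# the draft: a certificate is treated as "short-term" only if its whole
# validity period is at most MAX_STAR_LIFETIME, and the holder renews once
# RENEW_AT_FRACTION of the lifetime has elapsed so the replacement is in place
# well before the old certificate expires.
MAX_STAR_LIFETIME = timedelta(days=7)
RENEW_AT_FRACTION = 0.5


@dataclass(frozen=True)
class CertValidity:
    """The validity window of a certificate (the only fields this example needs)."""
    subject: str
    not_before: datetime
    not_after: datetime

    @property
    def lifetime(self) -> timedelta:
        return self.not_after - self.not_before


def is_short_term(cert: CertValidity) -> bool:
    return timedelta(0) < cert.lifetime <= MAX_STAR_LIFETIME


def needs_revocation_check(cert: CertValidity) -> bool:
    """Relying-party rule: revocation status (CRL/OCSP) may be skipped only for
    short-term certificates; anything longer-lived must still be checked."""
    return not is_short_term(cert)


def exposure_after_compromise(cert: CertValidity, now: datetime) -> timedelta:
    """Without revocation, a compromised key stays usable until the certificate
    expires, so the worst-case exposure is simply the remaining lifetime."""
    return max(cert.not_after - now, timedelta(0))


def renewal_time(cert: CertValidity) -> datetime:
    """Holder-side rule: when the automated renewal should be triggered."""
    return cert.not_before + cert.lifetime * RENEW_AT_FRACTION


def renewal_due(cert: CertValidity, now: datetime) -> bool:
    return now >= renewal_time(cert)


def relying_party_decision(cert: CertValidity, now: datetime) -> str:
    """What a relying party does with the certificate at time `now`."""
    if not (cert.not_before <= now < cert.not_after):
        return "reject"            # outside the validity window
    if needs_revocation_check(cert):
        return "check-revocation"  # long-lived: consult CRL/OCSP before accepting
    return "accept"                # short-term: the lifetime bounds the exposure instead


# Constructed sample data (not real certificates): a 3-day STAR certificate and a
# conventional 90-day one, both observed at the same instant.
NOW = datetime(2017, 11, 14, 10, 56, tzinfo=timezone.utc)
LATER = NOW + timedelta(hours=2)
STAR_CERT = CertValidity("cdn.example",
                         datetime(2017, 11, 13, tzinfo=timezone.utc),
                         datetime(2017, 11, 16, tzinfo=timezone.utc))
LONG_CERT = CertValidity("www.example",
                         datetime(2017, 10, 1, tzinfo=timezone.utc),
                         datetime(2017, 12, 30, tzinfo=timezone.utc))

if __name__ == "__main__":
    for cert in (STAR_CERT, LONG_CERT):
        print(cert.subject, relying_party_decision(cert, NOW),
              "| renewal due" if renewal_due(cert, NOW) else "| no renewal yet",
              "| exposure if compromised now:", exposure_after_compromise(cert, NOW))
```

The two knobs pull against each other: a longer MAX_STAR_LIFETIME means fewer renewals for the holder (and, in the CDN delegation case Ori describes, fewer renewals per hop in the content provider to CDN to ISP chain), but a longer window in which a compromised key cannot be cut off. Whatever values a deployment picks, the relying party's rule and the holder's rule must agree on the same lifetime bound, or revocation is skipped for certificates that were never renewed quickly enough to justify it.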