Re: [Acme] draft-ietf-acme-star

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 13 September 2019 17:28 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: "Salz, Rich" <rsalz@akamai.com>, Richard Barnes <rlb@ipv.sx>, IETF ACME <acme@ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>
Thread-Topic: [Acme] draft-ietf-acme-star
Date: Fri, 13 Sep 2019 17:28:25 +0000
Message-ID: <C20D19D1-64EB-44C6-A2A2-E66FBDFB5D43@arm.com>
References: <CAL02cgST77G9uR23x4Hf0L8_hqi6zSuJqB=dbunGYcDPEDpbDg@mail.gmail.com> <94D1B74E-8AD8-4623-8DFB-E9C132BBB940@arm.com> <CAL02cgTM+dTJ6enzpnb=dSCzbDMR+3Xadp4r4a3xuzzhxPgJag@mail.gmail.com> <1D779B7D-3661-49B6-BC75-A41B69F3768F@akamai.com> <81C03A03-8189-4BB6-A4B1-131B25831ED7@arm.com> <CAErg=HHmwF+=NjSBqsKRw28P5rLV1vY+oZKY9WNGcQLN7ujCYA@mail.gmail.com> <09E9471E-1E91-49C0-A6A6-2CEFD7B1793E@arm.com>
In-Reply-To: <09E9471E-1E91-49C0-A6A6-2CEFD7B1793E@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/5wU1IOx90gYcuOY2YCJs7tFWvio>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

On 13/09/2019, 13:41, "Thomas Fossati" <Thomas.Fossati@arm.com> wrote:
> It seems to me that this might still be possible modulo
> recurrent-certificate-adjust (rcp) being upper bounded by
> recurrent-cert-validity (rcv), i.e., slightly changing the calculations
> in 3.5 like this:
>
>      notBefore = nrd[i] - predating
>      notAfter  = min(nrd[i] + rcv, red)
>
>      predating = max(predating_S, predating_C)
>      predating_S = f * rcv (.5 <= f < 1)
>      predating_C = max(rcp, rcv)
                     ^^^
typo:                min

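A worked example of the notBefore/notAfter calculation quoted in the message above, added here as an editor's illustration; it is not part of the original message nor code from draft-ietf-acme-star. It applies the corrected predating_C = min(rcp, rcv) and keeps the quoted max(rcp, rcv) available only for comparison. It assumes, following the draft, a recurrent start date rsd with nominal renewal dates nrd[i] = rsd + i * rcv (the message itself does not state that rule); the dates and parameter values are constructed samples.

```python
# Added worked example, not part of the original message or of draft-ietf-acme-star.
# Implements the quoted calculation with the corrected predating_C = min(rcp, rcv).
# Assumed (not stated in the message): nominal renewal dates nrd[i] = rsd + i * rcv,
# where rsd is the recurrent start date.
from datetime import datetime, timedelta, timezone


def predating(rcv: timedelta, f: float, rcp: timedelta, corrected: bool = True) -> timedelta:
    """predating = max(predating_S, predating_C).

    predating_S = f * rcv is the server-imposed minimum overlap (.5 <= f < 1).
    predating_C is the client-requested adjust: min(rcp, rcv) as corrected in the
    message; corrected=False reproduces the quoted max(rcp, rcv) for comparison.
    """
    if not 0.5 <= f < 1:
        raise ValueError("f must satisfy .5 <= f < 1")
    if rcp < timedelta(0) or rcv <= timedelta(0):
        raise ValueError("rcp must be non-negative and rcv positive")
    predating_s = f * rcv
    predating_c = min(rcp, rcv) if corrected else max(rcp, rcv)
    return max(predating_s, predating_c)


def star_windows(rsd, red, rcv, f, rcp, corrected=True):
    """Return [(nrd, notBefore, notAfter)] for every i with nrd[i] < red."""
    pre = predating(rcv, f, rcp, corrected)
    windows = []
    i = 0
    while True:
        nrd = rsd + i * rcv          # assumed nominal renewal date rule
        if nrd >= red:
            break
        not_before = nrd - pre
        not_after = min(nrd + rcv, red)
        windows.append((nrd, not_before, not_after))
        i += 1
    return windows


def check_windows(windows, rcv):
    """Properties a relying party wants: each certificate covers its own nrd,
    consecutive certificates overlap (no coverage gap at renewal), and no single
    certificate is valid longer than predating + rcv, which is at most 2 * rcv
    once predating_C is capped at rcv."""
    for k, (nrd, nbf, naf) in enumerate(windows):
        if not (nbf <= nrd < naf):
            return False
        if naf - nbf > 2 * rcv:
            return False
        if k + 1 < len(windows) and windows[k + 1][1] > naf:
            return False
    return True


def demo(rcp_hours, corrected=True):
    """Constructed scenario: daily certificates over a five-day recurrence, f = 0.5."""
    rsd = datetime(2019, 9, 13, tzinfo=timezone.utc)   # constructed sample start date
    red = rsd + timedelta(days=5)
    rcv = timedelta(days=1)
    rcp = timedelta(hours=rcp_hours)
    windows = star_windows(rsd, red, rcv, 0.5, rcp, corrected)

    def hours(td):
        return td.total_seconds() / 3600

    return {
        "count": len(windows),
        "predating_hours": hours(predating(rcv, 0.5, rcp, corrected)),
        "max_validity_hours": hours(max(naf - nbf for _, nbf, naf in windows)),
        "ok": check_windows(windows, rcv),
    }


if __name__ == "__main__":
    # rcp of 240h (10 days) against rcv of 24h: the corrected min() caps predating
    # at one rcv; the quoted max() lets the client stretch every certificate to 11 days.
    for rcp_h, corr in ((0, True), (6, True), (240, True), (240, False)):
        print(f"rcp={rcp_h}h corrected={corr}: {demo(rcp_h, corr)}")
```

The `corrected=False` path exists only to show why the typo matters: with max(rcp, rcv) a client-supplied rcp larger than rcv pushes notBefore back by more than one validity period, so the 2 * rcv bound on certificate lifetime no longer holds; with min(rcp, rcv) the client can request extra predating but never beyond rcv.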