[Acme] Revocation: why not cert serial number?

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 26 July 2015 05:36 UTC

Message-ID: <55B471C6.3080307@gmail.com>
Date: Sun, 26 Jul 2015 08:36:06 +0300
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/JyVBw_yZGKbHxYhu119hzAE8Cqc>
List-Id: Automated Certificate Management Environment <acme.ietf.org>

(Resending, sorry about the HTML mail)

The title says it all. People have been using serial numbers for ages to 
identify the cert (and yes, we all know the problems with revocation). 
Why not keep it like that?

Thanks,
     Yaron