IETF Logo Mail Archive

Re: [Acme] Supporting off-line (manual) validation

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 28 July 2015 19:37 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF3281ACD1D for <acme@ietfa.amsl.com>; Tue, 28 Jul 2015 12:37:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X5h3e2jldLW5 for <acme@ietfa.amsl.com>; Tue, 28 Jul 2015 12:37:58 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B07F11B2E60 for <acme@ietf.org>; Tue, 28 Jul 2015 12:37:57 -0700 (PDT)
Received: by wibud3 with SMTP id ud3so193996269wib.1 for <acme@ietf.org>; Tue, 28 Jul 2015 12:37:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=jwOLHCr7H6iU+EqfkqxpWFpfa9HK/8MK85xf5ftuZrA=; b=0DRGehxOLCvYXErLEDZSgkWYOHjG3i3vZXrTd+0XHKjCjwuwIEWH7v9cctIMfW/MDe 2IbXrNd0PNP4JRI1FefSnEh7cECBN/asC4ON8tASgdm0BZOOPESsJZ5z46G7AuJ335v2 oWqcc7UNsweFw+d+/Ja8RzqnUGgF+fvVuuCHE/2IEVBPe3hlYR2b6AKM0yaMooM4bcVE GQG+xDyO+mTFzppOzXhhGpN8KfBldJi+XzAgu8Qjb+VaKKJdGDBw3FzrKZrVgXB+kE4W dkPnVFY3bEjeGybfsvPMn5Ih8PGNJHhsNWEHDLpUFsJS4MPHyZ2u6eI9TxcE025SL6Kc fQpQ==
X-Received: by 10.180.19.36 with SMTP id b4mr36339408wie.33.1438112276442; Tue, 28 Jul 2015 12:37:56 -0700 (PDT)
Received: from [10.0.0.8] (bzq-109-66-100-105.red.bezeqint.net. [109.66.100.105]) by smtp.googlemail.com with ESMTPSA id be9sm34751255wjb.26.2015.07.28.12.37.54 for <acme@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 Jul 2015 12:37:55 -0700 (PDT)
Message-ID: <55B7DA0A.1020806@gmail.com>
Date: Tue, 28 Jul 2015 22:37:46 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: acme@ietf.org
References: <mailman.5108.1438102538.3631.acme@ietf.org>
In-Reply-To: <mailman.5108.1438102538.3631.acme@ietf.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/M3ZwGun3V8unx9hbWnPYLbnwRco>
Subject: Re: [Acme] Supporting off-line (manual) validation
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2015 19:37:59 -0000

Many clients will want to fail if the CA decides to "go offline". I 
think logic that keeps state on the CA is too complex. Better to allow 
the client to say "if offline validation is needed, please fail the 
whole transaction".

Thanks,
	Yaron

v2.23.0 | Report a Bug | By Email