Re: [Acme] Supporting off-line (manual) validation

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 28 July 2015 19:37 UTC

From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: acme@ietf.org
Date: Tue, 28 Jul 2015 22:37:46 +0300
Message-ID: <55B7DA0A.1020806@gmail.com>
In-Reply-To: <mailman.5108.1438102538.3631.acme@ietf.org>
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/M3ZwGun3V8unx9hbWnPYLbnwRco>

Many clients will want to fail if the CA decides to "go offline". I think logic that keeps state on the CA is too complex. Better to allow the client to say "if offline validation is needed, please fail the whole transaction".

Thanks,
	Yaron