Re: [Acme] I-D Action: draft-ietf-acme-star-08.txt

Thomas Fossati <Thomas.Fossati@arm.com> Thu, 29 August 2019 07:37 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Mehmet Ersue <mersue@gmail.com>, "acme@ietf.org" <acme@ietf.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>
Date: Thu, 29 Aug 2019 07:36:57 +0000
Message-ID: <53C18761-B33A-410B-8306-05B57E912E02@arm.com>
References: <156705946209.1189.13363149676059700846@ietfa.amsl.com>
In-Reply-To: <156705946209.1189.13363149676059700846@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/gRe7n9j9btmtYkSNNZmnWkuKitw>
Subject: Re: [Acme] I-D Action: draft-ietf-acme-star-08.txt
List-Id: Automated Certificate Management Environment <acme.ietf.org>

Hi Mehmet, all,

This version addresses point #1 of Mehmet's Opsdir review [1], related
to the impact of STAR on CT.  With regard to point #2, Roman indicated
that Section V of [Topalovic] and text in Section 7.1 should
sufficiently cover the issue.

Cheers, thanks!

[1] https://datatracker.ietf.org/doc/review-ietf-acme-star-06-opsdir-lc-ersue-2019-07-21/

On 29/08/2019, 07:17, "Acme on behalf of internet-drafts@ietf.org" <acme-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Automated Certificate Management Environment WG of the IETF.
>
>         Title           : Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME)
>         Authors         : Yaron Sheffer
>                           Diego Lopez
>                           Oscar Gonzalez de Dios
>                           Antonio Agustin Pastor Perales
>                           Thomas Fossati
>         Filename        : draft-ietf-acme-star-08.txt
>         Pages           : 26
>         Date            : 2019-08-28
>
> Abstract:
>    Public-key certificates need to be revoked when they are compromised,
>    that is, when the associated private key is exposed to an
>    unauthorized entity.  However the revocation process is often
>    unreliable.  An alternative to revocation is issuing a sequence of
>    certificates, each with a short validity period, and terminating this
>    sequence upon compromise.  This memo proposes an ACME extension to
>    enable the issuance of short-term and automatically renewed (STAR)
>    X.509 certificates.
>
>    [RFC Editor: please remove before publication]
>
>    While the draft is being developed, the editor's version can be found
>    at https://github.com/yaronf/I-D/tree/master/STAR.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-acme-star/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-acme-star-08
> https://datatracker.ietf.org/doc/html/draft-ietf-acme-star-08
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-star-08
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
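
The abstract quoted above states the STAR idea in one sentence: instead of revoking a compromised certificate, issue a sequence of short-lived ones and stop the sequence on compromise. The following Python model is an added illustration, not code from draft-ietf-acme-star or its authors. Its scheduling rule, the `overlap` parameter (a stand-in for the draft's notion of making the next certificate valid before the current one expires) and the `fetch_delay` client model are assumptions chosen for this example; the draft's ACME objects are not modelled. It shows that the residual exposure after termination is bounded by the certificate lifetime with no revocation check by relying parties, what the comparable exposure is for a long-lived certificate whose revocation is not checked, how many certificates (and hence CT log entries) a sequence produces, and the availability gap that opens when a client fetches its next certificate later than the overlap allows.

```python
"""Model of a STAR (short-term, automatically renewed) certificate sequence.

Added illustration, not code from draft-ietf-acme-star or its authors.  The
scheduling rule, the `overlap` parameter (standing in for the draft's idea of
predating the next certificate) and the fetch-delay client model are
assumptions made for this example; the draft's ACME objects are not modelled.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class CertWindow:
    """Validity window of one certificate in the sequence (validity dates only,
    no keys or X.509 encoding)."""
    index: int
    not_before: datetime
    not_after: datetime

    def valid_at(self, t: datetime) -> bool:
        return self.not_before <= t < self.not_after


def star_sequence(start: datetime, end: datetime, lifetime: timedelta,
                  overlap: timedelta) -> List[CertWindow]:
    """Validity windows the CA would issue between `start` and `end`.

    Assumed rule: every certificate lives for `lifetime`, and the next one
    becomes valid `overlap` before its predecessor expires so a client that
    fetches promptly always holds a valid certificate.
    """
    if not timedelta(0) <= overlap < lifetime:
        raise ValueError("overlap must be non-negative and shorter than lifetime")
    windows: List[CertWindow] = []
    not_before, i = start, 0
    while not_before < end:
        windows.append(CertWindow(i, not_before, not_before + lifetime))
        not_before += lifetime - overlap
        i += 1
    return windows


def terminate(seq: List[CertWindow], at: datetime) -> List[CertWindow]:
    """Certificates that exist once the CA stops issuing at `at`: only those
    whose notBefore precedes the termination were ever produced."""
    return [w for w in seq if w.not_before < at]


def exposure_after_termination(seq: List[CertWindow], at: datetime) -> timedelta:
    """How long a holder of the compromised key can still present a valid
    certificate after the sequence is terminated at `at`.  Never exceeds
    `lifetime`, and needs no revocation check by relying parties."""
    issued = terminate(seq, at)
    if not issued:
        return timedelta(0)
    return max(timedelta(0), max(w.not_after for w in issued) - at)


def exposure_without_revocation(not_after: datetime, at: datetime) -> timedelta:
    """Same question for a classic long-lived certificate when relying parties
    do not (or cannot) check revocation: exposure runs to notAfter."""
    return max(timedelta(0), not_after - at)


def holds_valid_cert(seq: List[CertWindow], t: datetime,
                     fetch_delay: timedelta = timedelta(0)) -> Optional[CertWindow]:
    """Certificate a client holds at time `t`, if any.  The client is assumed to
    obtain each certificate `fetch_delay` after its notBefore; a delay larger
    than `overlap` opens a gap with no valid certificate, the availability
    failure mode that predating the next certificate is meant to prevent."""
    for w in seq:
        if w.not_before + fetch_delay <= t < w.not_after:
            return w
    return None


if __name__ == "__main__":
    start = datetime(2019, 8, 29, tzinfo=timezone.utc)   # constructed dates
    seq = star_sequence(start, start + timedelta(days=30),
                        lifetime=timedelta(days=3), overlap=timedelta(days=1))
    compromise = start + timedelta(days=10, hours=1)
    print(f"{len(seq)} certificates issued in 30 days (each one a CT log entry)")
    print("exposure after termination:", exposure_after_termination(seq, compromise))
    print("exposure with a 1-year cert and no revocation check:",
          exposure_without_revocation(start + timedelta(days=365), compromise))
    late = start + timedelta(days=3, hours=5)
    print("client fetching 36h late holds a valid cert at day 3.2:",
          holds_valid_cert(seq, late, timedelta(hours=36)) is not None)
```

With a 3-day lifetime and 1-day overlap the model issues 15 certificates in 30 days, which is the CT volume question raised in the review; terminating at day 10 leaves at most 3 days of exposure, against 355 days for an unrevoked one-year certificate. The last print shows the other side of the trade-off: a client that obtains each certificate 36 hours after its notBefore, with only 24 hours of overlap, has a 12-hour window with nothing valid to present.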
