Re: [Acme] ACME or EST?

Tony Arcieri <bascule@gmail.com> Wed, 26 November 2014 00:08 UTC

In-Reply-To: <4DF92BBD-82A3-4155-A23C-44C9EF851035@vpnc.org>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <F5761985-AD8C-4CA3-9E55-D1AC33BB55E6@vpnc.org> <CAHOTMVKtbasxAMo4qrx+HkJ14+z0vyAGOJMnFvdEhyMH=nLkCQ@mail.gmail.com> <4DF92BBD-82A3-4155-A23C-44C9EF851035@vpnc.org>
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 25 Nov 2014 16:08:21 -0800
Message-ID: <CAHOTMVLJFQsKUVaZueeqx4NRtzM+a4asU14YnQPC+2LHQCtcEQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/mSD_luB3nlq_qP3CoBmqYwfoYI0
Cc: Richard Barnes <rlb@ipv.sx>, acme@ietf.org
Subject: Re: [Acme] ACME or EST?

On Tue, Nov 25, 2014 at 4:03 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> There you go. :-) Folks who have fought with ASN.1 longer than JOSE find
> CMS's "handful of problems" already solved
More generally, there were two severe vulnerabilities discovered this year
related to ASN.1:

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/meyer
http://www.intelsecurity.com/resources/wp-berserk-analysis-part-1.pdf

ASN.1 is *not* "LANGSEC-friendly". JOSE comes a lot closer. For that reason
alone, ASN.1 is inferior.

-- 
Tony Arcieri
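A concrete illustration of the parsing property the post is arguing about, added here as an example and not taken from the post or from either cited paper: X.690 DER requires that every length field use the single shortest encoding, forbids the indefinite-length form, and leaves no room for trailing bytes, whereas a BER-style decoder that tolerates non-minimal lengths accepts several different byte strings for one value. The decoder below handles only single-byte tags and lengths up to four bytes, and the sample encodings are constructed for the example; it does not reproduce the attack in either paper.

```python
# Added example (not code from the mailing-list post): a minimal DER TLV decoder
# that enforces the X.690 DER length rules (shortest length form, no indefinite
# length, no trailing bytes), with a lenient BER-style mode for comparison.


class DERError(ValueError):
    """Raised when the input is not valid (strict) DER."""


def parse_tlv(data: bytes, offset: int = 0, strict: bool = True):
    """Parse one TLV starting at data[offset].

    Returns (tag, value_bytes, next_offset). Only single-byte tags and
    length-of-length values up to 4 are handled, which is enough here.
    """
    if offset + 2 > len(data):
        raise DERError("truncated TLV header")
    tag = data[offset]
    if tag & 0x1F == 0x1F:
        raise DERError("multi-byte tag numbers are out of scope here")
    first = data[offset + 1]
    pos = offset + 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    elif first == 0x80:                   # indefinite form: BER only, never DER
        raise DERError("indefinite length is not DER")
    else:                                 # long form: N following length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            raise DERError("unsupported length-of-length %d" % n)
        if pos + n > len(data):
            raise DERError("truncated length field")
        lbytes = data[pos:pos + n]
        pos += n
        if strict and lbytes[0] == 0x00:
            raise DERError("non-minimal length: leading zero length byte")
        length = int.from_bytes(lbytes, "big")
        if strict and length < 0x80:
            raise DERError("non-minimal length: short form was required")
    if pos + length > len(data):
        raise DERError("value runs past end of input")
    return tag, data[pos:pos + length], pos + length


def parse_octet_string(data: bytes, strict: bool = True) -> bytes:
    """Decode a top-level OCTET STRING; strict mode also rejects trailing bytes."""
    tag, value, end = parse_tlv(data, 0, strict)
    if tag != 0x04:
        raise DERError("expected OCTET STRING (0x04), got 0x%02x" % tag)
    if strict and end != len(data):
        raise DERError("%d trailing byte(s) after the element" % (len(data) - end))
    return value


def der_octet_string(value: bytes) -> bytes:
    """Encode an OCTET STRING using the one DER-minimal length form."""
    n = len(value)
    if n < 0x80:
        hdr = bytes([0x04, n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        hdr = bytes([0x04, 0x80 | len(lb)]) + lb
    return hdr + value


def is_rejected(enc: bytes, strict: bool = True) -> bool:
    """True if the decoder refuses the encoding in the given mode."""
    try:
        parse_octet_string(enc, strict)
        return False
    except DERError:
        return True


# Constructed sample inputs: the same three-byte payload in its single DER
# encoding and in two BER-legal but non-minimal encodings, plus a stray byte.
PAYLOAD = b"abc"
CANONICAL = der_octet_string(PAYLOAD)        # 04 03 61 62 63
LONG_FORM_1 = b"\x04\x81\x03" + PAYLOAD       # long form where short form fits
LONG_FORM_2 = b"\x04\x82\x00\x03" + PAYLOAD   # leading zero length byte
TRAILING = CANONICAL + b"\x00"                # trailing byte after the element
SAMPLES = [CANONICAL, LONG_FORM_1, LONG_FORM_2, TRAILING]


def classify(encodings, strict: bool):
    """Return {hex(encoding): decoded payload or rejection reason} for one mode."""
    out = {}
    for enc in encodings:
        try:
            out[enc.hex()] = parse_octet_string(enc, strict).decode("ascii")
        except DERError as e:
            out[enc.hex()] = "rejected: " + str(e)
    return out


def count_accepted(encodings, strict: bool) -> int:
    """How many of the encodings the decoder accepts in the given mode."""
    return sum(1 for v in classify(encodings, strict).values()
               if not v.startswith("rejected"))


if __name__ == "__main__":
    for mode in (True, False):
        print("strict=%s" % mode)
        for k, v in classify(SAMPLES, mode).items():
            print("  %-16s -> %s" % (k, v))
```

Run as a script it prints, for each mode, which of the four constructed encodings decode to `abc`: the strict decoder accepts exactly one, the lenient one accepts all four. Real signature-verification code parses a DigestInfo SEQUENCE rather than a bare OCTET STRING, but the same three checks (minimal length form, no indefinite length, no bytes left over at every nesting level) are what keep the set of accepted encodings to one per value.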