Re: [dane] draft-ietf-dane-smime

Jakob Schlyter <> Thu, 16 October 2014 15:18 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id AD3C71A1BF3 for <>; Thu, 16 Oct 2014 08:18:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.361
X-Spam-Status: No, score=-1.361 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OHso_8NI_clU for <>; Thu, 16 Oct 2014 08:18:03 -0700 (PDT)
Received: from ( [IPv6:2001:67c:394:15::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5F8511A1BF2 for <>; Thu, 16 Oct 2014 08:18:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=spg20100524; h=received:content-type:mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer; bh=ZwRLvn9IzDVg1fOOlLcODSr/PtF8REwXtWf+dPTF5ZA=; b=nTgBGi65jgNCW8BPG2M+Ah6decVr1qZxcuzhGUx8JArb4l1TMw89y+oJymvzw+465pPHtI9qinua2 j33STfjJ+qKB/qmUtCvODqJovlZDz3pp0Zyz8/TRG0e+T0X6gHBqZyD3rmfP+g+OOvpBfug54buRUC O068z7pRFN/zJ9kc=
Received: from (unknown []) by (Halon Mail Gateway) with ESMTPS; Thu, 16 Oct 2014 17:17:51 +0200 (CEST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jakob Schlyter <>
In-Reply-To: <>
Date: Thu, 16 Oct 2014 17:17:49 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Ólafur Guðmundsson <>
X-Mailer: Apple Mail (2.1878.6)
Cc:, "<>" <>
Subject: Re: [dane] draft-ietf-dane-smime
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 16 Oct 2014 15:18:07 -0000

On 16 okt 2014, at 16:58, Olafur Gudmundsson <> wrote:

> If  X@Y sends S/MIME signed message to  DANE WG on January 20’th 2016. 
> X@Y leaves Y on Feb 15’th 2016. 
> Is there any value in being able to validate the signature when a document editor gets around to read the message March 15 2016 while updating the document referenced in the email to meet the ID deadline for IETF-95  ? 

You basically want to know if certificate C was valid at time T. A CRL might tell you when a certificate was revoked, whereas OCSP does not. Neither of the proposals discussed in this group so far would help you with that either.

Paul and I advocate that SMIMEA will only tell you if a given certificate is valid in real time (or in the proximity of). Others say an explicit revoked flag would be useful.

I believe your question is interesting, but I suspect it is out of scope for this group. If a given certificate is not valid, you can always go back to a CRL (if one exists) and find out when it was revoked.