Protocol Action: 'Updates to Lightweight OCSP Profile for High Volume Environments' to Proposed Standard (draft-ietf-lamps-rfc5019bis-12.txt)

The IESG <iesg-secretary@ietf.org> Fri, 13 September 2024 18:57 UTC


The IESG has approved the following document:
- 'Updates to Lightweight OCSP Profile for High Volume Environments'
  (draft-ietf-lamps-rfc5019bis-12.txt) as Proposed Standard

This document is the product of the Limited Additional Mechanisms for PKIX
and SMIME Working Group.

The IESG contact persons are Paul Wouters, Deb Cooley and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5019bis/

Technical Summary

   This specification defines a profile of the Online Certificate Status
   Protocol (OCSP) that addresses the scalability issues inherent when
   using OCSP in large scale (high volume) Public Key Infrastructure
   (PKI) environments and/or in PKI environments that require a
   lightweight solution to minimize communication bandwidth and client-
   side processing.

   This specification obsoletes RFC 5019.  The profile specified in RFC
   5019 has been updated to allow and recommend the use of SHA-256 over
   SHA-1.

Working Group Summary

   There is broad support in the LAMPS WG for this document.  WG Last Call
   included many implementers, and all of the issues that were raised were
   resolved quickly.

   One notable concern was raised during WG Last Call that should be highlighted.  This document includes:

~~~
    OCSP responders SHOULD NOT distribute OCSP responses that contain
    CertIDs that use SHA-1 if the OCSP responder has no clients that
    require the use of SHA-1.
~~~

   It is recognized that there is no obvious point in time when this will be
   true.  However, no one could offer a better criterion for stopping support
   for SHA-1, which everyone wants to do.

Document Quality

   OCSP is widely deployed.

Personnel

   The Document Shepherd for this document is Russ Housley. The Responsible
   Area Director is Roman Danyliw.