RE: RFC 7169 on The NSA (No Secrecy Afforded) Certificate Extension

"Leaf Yeh" <leaf.yeh.sdo@gmail.com> Wed, 02 April 2014 10:11 UTC

Return-Path: <leaf.yeh.sdo@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8CED1A0196 for <ietf@ietfa.amsl.com>; Wed, 2 Apr 2014 03:11:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kl4gNRnuLYqT for <ietf@ietfa.amsl.com>; Wed, 2 Apr 2014 03:11:06 -0700 (PDT)
Received: from mail-pd0-x22d.google.com (mail-pd0-x22d.google.com [IPv6:2607:f8b0:400e:c02::22d]) by ietfa.amsl.com (Postfix) with ESMTP id D43B01A019C for <ietf@ietf.org>; Wed, 2 Apr 2014 03:10:58 -0700 (PDT)
Received: by mail-pd0-f173.google.com with SMTP id z10so10959758pdj.32 for <ietf@ietf.org>; Wed, 02 Apr 2014 03:10:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-type:content-transfer-encoding:thread-index :content-language; bh=eQt/b9BxmlGq6DP1+uht/Pd64nHNGj8yp0c/YoJxkUo=; b=zRnVctb/0v8m9Rmyoo/2BIPPQuXDdEl73AGKOWITUTsbTGugvr9a0hj/Pp27hPDlXh b8wCfg7mHpIdD1ix3sbS1ott0Dl8u3uHSp/qRb5J5vCmi9WOP/fMGlohCaiy+SyB6Hqt lGFdf5P45VkeLmPZN1ZYY6GtpNPpK+2P8RG7GJDHS5ZTqOkDD9iMnrbAc+7TDb1ULFfx onaFswTC/69EcrxzWu1lcn8JNCOzCBWnSY9ToH7Hr3/c0Fr3jwXbatkKYI6QcOZIiFW2 FSDfHE/Wtd9PV5ICjXE5HwScWKKcC9JR3VRqYg8oxQGviEAqHFBiSNG0cCPifoCt5ruY AlGQ==
X-Received: by 10.68.113.5 with SMTP id iu5mr24672823pbb.60.1396433455177; Wed, 02 Apr 2014 03:10:55 -0700 (PDT)
Received: from PC ([218.241.103.217]) by mx.google.com with ESMTPSA id oa3sm3414912pbb.15.2014.04.02.03.10.52 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 02 Apr 2014 03:10:54 -0700 (PDT)
From: "Leaf Yeh" <leaf.yeh.sdo@gmail.com>
To: "'Randy Bush'" <randy@psg.com>, "'IETF Disgust'" <ietf@ietf.org>
References: <20140401220128.3CD897FC3A9@rfc-editor.org> <m2a9c437i6.wl%randy@psg.com>
In-Reply-To: <m2a9c437i6.wl%randy@psg.com>
Subject: RE: RFC 7169 on The NSA (No Secrecy Afforded) Certificate Extension
Date: Wed, 2 Apr 2014 18:10:50 +0800
Message-ID: <533be22e.0382440a.2187.ffff90e5@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac9OCab4hBAEhIa9ThqxpEjMWONZOgAC6/oQ
Content-Language: zh-cn
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/6tYX7vBpydA40CoRDiLJeI2Y3Fk
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2014 10:11:11 -0000

This extension is needed on Apr. 1st. 

Leaf


-----Original Message-----
From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Randy Bush
Sent: Wednesday, April 02, 2014 8:22 AM
To: IETF Disgust
Subject: Re: RFC 7169 on The NSA (No Secrecy Afforded) Certificate Extension

>         RFC 7169
>         Title:      The NSA (No Secrecy Afforded) 
>                     Certificate Extension 
>         URL:        http://www.rfc-editor.org/rfc/rfc7169.txt

i do not understand why this extension is needed.  the 5eyes have all your
keys.  the flag should always be on.  is the real intent that, when the
extension/flag is not on in a received certificate, then you know it is
bogus?

randy