IETF Logo Mail Archive

Progressing CRL AIA

Tim Polk <tim.polk@nist.gov> Mon, 11 July 2005 21:09 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Ds5WN-0007Js-Oo for pkix-archive@megatron.ietf.org; Mon, 11 Jul 2005 17:09:01 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA16453 for <pkix-archive@lists.ietf.org>; Mon, 11 Jul 2005 17:08:56 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6BK6VAq082837; Mon, 11 Jul 2005 13:06:31 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j6BK6Vvp082836; Mon, 11 Jul 2005 13:06:31 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from smtp.nist.gov (rimp2.nist.gov [129.6.16.227]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6BK6T7C082829 for <ietf-pkix@imc.org>; Mon, 11 Jul 2005 13:06:29 -0700 (PDT) (envelope-from tim.polk@nist.gov)
Received: from postmark.nist.gov (pullyou.nist.gov [129.6.16.93]) by smtp.nist.gov (8.13.1/8.13.1) with ESMTP id j6BK6CGJ020278; Mon, 11 Jul 2005 16:06:14 -0400
Received: from krdp8.nist.gov (krdp8.ncsl.nist.gov [129.6.54.113]) by postmark.nist.gov (8.12.5/8.12.5) with ESMTP id j6BK596v015332; Mon, 11 Jul 2005 16:05:09 -0400 (EDT)
Message-Id: <5.1.0.14.2.20050711155700.038c6ab8@email.nist.gov>
X-Sender: wpolk@email.nist.gov
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 11 Jul 2005 16:07:32 -0400
To: Sam Hartman <hartmans-ietf@mit.edu>
From: Tim Polk <tim.polk@nist.gov>
Subject: Progressing CRL AIA
Cc: ietf-pkix@imc.org, kent@bbn.com, stefans@microsoft.com, housley@vigilsec.com
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
X-NIST-MailScanner: Found to be clean
X-NIST-MailScanner-From: tim.polk@nist.gov
X-MIME-Autoconverted: from quoted-printable to 8bit by above.proper.com id j6BK6T7C082830
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by ietf.org id RAA16453


Sam,

The PKIX WG has achieved rough consensus on "Authority Information Access 
CRL Extension".  This document is ready for progression; we are 
recommending progression as standards track document.

The current draft is available at

      http://www.ietf.org/internet-drafts/draft-ietf-pkix-crlaia-02.txt

The PROTO questionnaire and writeup for CRL AIA is appended below.

Thanks,

Tim Polk

------------------------- PROTO writeup for CRL AIA 
--------------------------------

PROTO Questionnaire and Writeup for the CRL AIA Extension

    1.a) Have the chairs personally reviewed this version of the Internet
         Draft (ID), and in particular, do they believe this ID is ready
         to forward to the IESG for publication?

The chairs have both reviewed this version of the Internet Draft and agree this
ID is ready to forward for publication.

    1.b) Has the document had adequate review from both key WG members
         and key non-WG members?  Do you have any concerns about the
         depth or breadth of the reviews that have been performed?

This document has undergone a thorough review.  Most WG members reviewed at 
least one draft of the CRL AIA specification, and many WG members repeated 
the process during WG Last Call.  The document was also reviewed by the RFC 
3280bis design team to ensure consistency with complementary 
specifications.  I have no remaining concerns about depth or breadth of 
reviews.

    1.c) Do you have concerns that the document needs more review from a
         particular (broader) perspective (e.g., security, operational
         complexity, someone familiar with AAA, etc.)?

No such concerns.

    1.d) Do you have any specific concerns/issues with this document that
         you believe the ADs and/or IESG should be aware of?  For
         example, perhaps you are uncomfortable with certain parts of the
         document, or have concerns whether there really is a need for
         it.  In any event, if your issues have been discussed in the WG
         and the WG has indicated it that it still wishes to advance the
         document, detail those concerns in the write-up.

WG discussions of this specification highlighted significant disagreements 
with respect to CRL validation.   Identifying appropriate CRLs, relying 
parties leverage names stated in the certificate of interest and the 
CRL.  Some members of the WG feel these names are potentially ambiguous, 
and that additional safeguards should be imposed by the family of PKIX 
specifications.

While these issues are important, they are not within the scope of this 
specification, and their resolution will not affect the technical
mechanisms specified in this document.  The WG has concluded that these
issues would be best addressed in RFC 3280bis.

    1.e) How solid is the WG consensus behind this document? Does it
         represent the strong concurrence of a few individuals, with
         others being silent, or does the WG as a whole understand and
         agree with it?

The WG consensus is strong – most WG members have reviewed this document
and are comfortable with the content.

    1.f) Has anyone threatened an appeal or otherwise indicated extreme
         discontent?  If so, please summarise the areas of conflict in
         separate email to the Responsible Area Director.

No.  The contentious issues have been resolved to mutual satisfaction or
deferred to the development of 3280bis.

    1.g) Have the chairs verified that the document adheres to all of the
         ID nits? (see http://www.ietf.org/ID-Checklist.html).

Yes

    1.h) Is the document split into normative and informative references?
         Are there normative references to IDs, where the IDs are not
         also ready for advancement or are otherwise in an unclear state?
         (note here that the RFC editor will not publish an RFC with
         normative references to IDs, it will delay publication until all
         such IDs are also ready for publication as RFCs.)

Yes

---------------------------------- Document Write-up 
-----------------------------------------


Technical Summary

This document updates RFC 3280 by defining the Authority Information
Access Certificate Revocation Lists (CRL) extension.  RFC 3280 [PKIX1]
provides for bottom-up discovery of certification paths through the
Authority Information Access extension.  This document defines the use
of the Authority Information Access extension in CRLs, enabling a CRL
checking application to to locate certificates that may be useful in
the construction of a valid CRL issuer certification path to an
appropriate trust anchor.

Working Group Summary

The working group had consensus to advance the draft to Proposed
Standard.

Protocol Quality

This document has been reviewed by members of the ietf-pkix@imc.org
mailing list, the RFC 3280bis design team, and by the working group chairs.

v2.23.0 | Report a Bug | By Email