Re: [pkix] Optimizing OCSP - Time for some spec work ?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 25 October 2019 02:08 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Dr. Pala" <madwolf@openca.org>, PKIX <pkix@ietf.org>
Date: Fri, 25 Oct 2019 02:07:58 +0000
Message-ID: <1571969278256.43657@cs.auckland.ac.nz>
References: <31256d2d-dcfb-85f7-3850-accb2b2d6b89@openca.org>
In-Reply-To: <31256d2d-dcfb-85f7-3850-accb2b2d6b89@openca.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/X9CAhpSfjZzWPdiHZWGwMqV6KXE>
Subject: Re: [pkix] Optimizing OCSP - Time for some spec work ?

Dr. Pala <madwolf@openca.org> writes:

>Providing Full Chain responses.

OCSP already does this, and has done since day 1.  That was the Identrus 
value proposition, they would do all the checking for you and return
everything in a single response.  It proved... less than wildly popular.

Peter.