[pkix] OCSP reponses without nexUpdate

Thomas Kopp <thomas.kopp@luxtrust.lu> Mon, 24 February 2020 07:54 UTC

Return-Path: <thomas.kopp@luxtrust.lu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 810A03A07DE for <pkix@ietfa.amsl.com>; Sun, 23 Feb 2020 23:54:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.638
X-Spam-Level:
X-Spam-Status: No, score=-1.638 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxSqCT75Gmmz for <pkix@ietfa.amsl.com>; Sun, 23 Feb 2020 23:54:05 -0800 (PST)
Received: from mx1.luxtrust.lu (mx1.luxtrust.lu [185.69.225.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35F313A07D8 for <pkix@ietf.org>; Sun, 23 Feb 2020 23:54:04 -0800 (PST)
Received: from SV-1447WVP06.corp.1447.local (sv-1447wvp06.corp.1447.local [10.82.96.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.luxtrust.lu (MTA) with ESMTPS id 48QvTM1lyVz25dL for <pkix@ietf.org>; Mon, 24 Feb 2020 08:53:59 +0100 (CET)
Received: from SV-1447WVP06.corp.1447.local (10.82.96.76) by SV-1447WVP06.corp.1447.local (10.82.96.76) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1847.3; Mon, 24 Feb 2020 08:53:58 +0100
Received: from SV-1447WVP06.corp.1447.local ([10.82.96.76]) by SV-1447WVP06.corp.1447.local ([10.82.96.76]) with mapi id 15.01.1847.003; Mon, 24 Feb 2020 08:53:58 +0100
From: Thomas Kopp <thomas.kopp@luxtrust.lu>
To: "pkix@ietf.org" <pkix@ietf.org>
Thread-Topic: OCSP reponses without nexUpdate
Thread-Index: AdXq547Yj5JHBOWqRKivA/b474BBgw==
Date: Mon, 24 Feb 2020 07:53:58 +0000
Message-ID: <ae45cae10fe24054b56af6af5a629f9a@luxtrust.lu>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.82.96.71]
x-tm-as-product-ver: SMEX-14.0.0.3006-8.5.1024-25250.005
x-tm-as-result: No-10--20.984600-8.000000
x-tmase-matchedrid: vWvnoyq7eMzfVqwz+CynaRgO7sCGTR0NXF/PXQ6xePmJmZ8FliAav78t Q+d++9tXYff3A5nWjkYzvWHRIxWXwncbVuybnN+MvGAx/1ATZ5v/RWw03+xdxabN5Xxnq7eXf9k rIFPI8jVu7xCoxCPC8oDcpVWyPxAMqAn+yHbzwCcwMfxyID/dnTRGWZgDtiVIW2ODhN5BegkIbN RWsGR4loxtAsEN+OC7JhFEQZiq2ZSZEoWHC6Rh/ZZ5dyXMk0sSuiVf0/zK7a97lO0ZaWJUb/wlk T6z2PDaYkckb91vQ/65MbvpgqUSoxMaLJ/+JuBNPJ29SD5V9Ka2VoZZTnkHA4SmmYJGput1v5vm 3HFlS5BNxPCWgt1qATKVTrGMDe/DIPwiH5Xl/Q9vn11REP3xnsWELCnhv5MlMA5Zzu16lhLOqsg MyN+7e34fz8lQaWOgIvzeaaWnD0zOwndHdfxk9+eU0qFv58B+KR7YPxW6k1SEcppKRi10PcUJPU eTzbOZemDiYy/ldLcwo+sXt0rns/ioIsi7Sa0g41KbbIPm6wQxmN3SRonD6lcPyLd5264FncIDK rVDD8imX9aA/5jnEHTnOygHVQpOJd2n2XoSRFnMEmMJ+LiV/REQuhnt7JpjVR1qD7x/JlNYgjHT P2eBN1v/A5xvXuA1vHKClHGjjr1RvgR0hkbG4GukPpgdThA66/+JI9oIzb8Lr5mO/KWaCxComHE HwE+Cnh9cdMtMf0qj3Qz+FyEjBh35gqXq1LNl/zIkW73uAA48FBU9zIgkJ/i3gC6KqlRJgr8k01 hGTLzhD3VLjruNvZN65fjGjYMQQxkr2KQr+ojsWjO/lPD2Sf7E6GNqs6cePUWPd028fB4+1twsN 5Hv44RtqopBKUBleC3yW6NuHyER4v4YaBLsTX3H1dx1DkpgBM6369GIz1iOkrXRx8gGrQ==
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
x-tmase-result: 10--20.984600-8.000000
x-tmase-version: SMEX-14.0.0.3006-8.5.1024-25250.005
x-tm-snts-smtp: 624C08F8D34776CFACDC49AF9A6DFECA5A064ABE67F063ED4FDC62E0FDA65E8C2000:9
Content-Type: multipart/related; boundary="_006_ae45cae10fe24054b56af6af5a629f9aluxtrustlu_"; type="multipart/alternative"
MIME-Version: 1.0
x-msw-jemd-newsletter: false
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/sD-3OmI5OF7x8GmajBMQQMcTl0g>
Subject: [pkix] OCSP reponses without nexUpdate
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 07:54:07 -0000

Dear all,

OCSP real time responders typically produce responses without a nextUpdate. RFC 6960 stipulates in section 4.2.2.1 that ...

If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time.

It seems that the former wording is ambiguous with regard to the semantics of the word "newer".
Does it mean for subsequent requests that one of the fields  thisUpdate or producedAt must change even if certificate status has not changed?

[LuxTrust_logo_blue_signature]
Thomas KOPP
Chief Scientist

Email: thomas.kopp@luxtrust.lu<mailto:thomas.kopp@luxtrust.lu>
Mobile:+352 621 229 316
Office: +352 26 68 15 - 574
LuxTrust S.A. |  IVY Building | 13-15, Parc d'activit├ęs | L-8308 Capellen | Luxembourg | www.luxtrust.lu<http://www.luxtrust.lu/>

[cid:image004.png@01D2B49A.E51F9060]<https://www.linkedin.com/company/luxtrust-s.a.>
[Banner_Email_jobs_hiring]
________________________________
The information in this e-mail and any attachment is confidential and for use by the addressee only. Access to this e-mail by anyone else is not authorized. If you are not the intended recipient, please inform the sender and erase all copies of it from your system. Internet communications are by default not secure. LuxTrust S.A. cannot guarantee the integrity and origin of e-mails unless they have been properly digitally signed. Confidentiality of e-mails can only be guaranteed if they are encrypted properly using a secure digital certificate.LuxTrust S.A. takes precautions to ensure that e-mails are scanned for viruses but cannot accept liability for any damage sustained as a result of software viruses.
________________________________