Re: [pkix] [saag] (it updates RFC 2585) New Version Notification for draft-seantek-certfrag-02.txt
Sean Leonard <dev+ietf@seantek.com> Wed, 09 September 2015 22:34 UTC
From: Sean Leonard <dev+ietf@seantek.com>
In-Reply-To: <D2147567.77C32%paul@marvell.com>
Date: Wed, 09 Sep 2015 15:33:47 -0700
Message-Id: <860D66D4-6D96-4BAA-9869-ED5091CB4DB3@seantek.com>
References: <20141113051500.12824.67140.idtracker@ietfa.amsl.com> <8FF19ABF-17F7-4A83-ABF9-DF84C93528A8@seantek.com> <55EAFAE2.9040107@cs.tcd.ie> <D2147567.77C32%paul@marvell.com>
To: Paul Lambert <paul@marvell.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/vEZ3u9Rt5TF39Kp8JYzj7NWzM_M>
Cc: "pkix@ietf.org" <pkix@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Hello:

On Sep 8, 2015, at 11:32 AM, Paul Lambert <paul@marvell.com> wrote:

>> Sean has asked me if I'd be ok with AD sponsoring this one. While it
>> seems reasonable as a thing one might want to do, I haven't seen that
>> it is something anyone else wants to use so I'm not convinced for now.
>
> The application and semantics of this RFC is unclear. The only text
> describing a use case is:
> "For example, a user agent may wish to draw
> attention to the "notAfter" time for an
> expired certificate."
>
> This seems broken in that the semantics of any one field needs to include
> a notion of the validity of the certificate.

Not really, or at least, that was not the intent. notAfter is just a field in the certificate. The purpose of the example was to motivate a use case, namely, if the certificate is expired in some validation context, the user agent can generate a URI like:

    view-source://internal/checkcert?cert=foo#na

so that the modular certificate viewing component can highlight that particular data field.

An equally potent example could be given if the certificate is valid, to highlight when the certificate expires. Yet another example could be given if nobody has done a validation check; the user agent just wants to point out the notAfter time.

To reduce confusion, I can change that sentence to:

“For example, a user agent may wish to draw attention to the "notAfter" field of a certificate.”

-Sean