Re: [sidr] come on people Re: The question about https certificates and frequency of mft/crl re-issuance

Rob Austein <sra@hactrn.net> Sat, 25 June 2016 18:47 UTC

Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A661B12B046 for <sidr@ietfa.amsl.com>; Sat, 25 Jun 2016 11:47:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R2JNsUD043HY for <sidr@ietfa.amsl.com>; Sat, 25 Jun 2016 11:47:14 -0700 (PDT)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 58A8812B030 for <sidr@ietf.org>; Sat, 25 Jun 2016 11:47:14 -0700 (PDT)
Received: from minas-ithil.hactrn.net (c-73-47-197-23.hsd1.ma.comcast.net [73.47.197.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (not verified)) by adrilankha.hactrn.net (Postfix) with ESMTPS id DD36A22884 for <sidr@ietf.org>; Sat, 25 Jun 2016 18:47:13 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id 0FECA4067D4E for <sidr@ietf.org>; Sat, 25 Jun 2016 14:47:20 -0400 (EDT)
Date: Sat, 25 Jun 2016 14:47:20 -0400
From: Rob Austein <sra@hactrn.net>
To: sidr@ietf.org
In-Reply-To: <55B266B3-4D9D-4675-9952-24614CAD83AF@ripe.net>
References: <1CD27ACC-F5D2-4F11-8DD5-2B1F42544406@ripe.net> <6B1254FF-8A81-4923-BBE6-12536C6001C9@tislabs.com> <64FD7445-B2DD-4780-AD85-401104D12A82@tislabs.com> <m2mvm9vi3b.wl%randy@psg.com> <55B266B3-4D9D-4675-9952-24614CAD83AF@ripe.net>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20160625184720.0FECA4067D4E@minas-ithil.hactrn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/kxbWxWQeu_Vusarp9y--njZuFiw>
Subject: Re: [sidr] come on people Re: The question about https certificates and frequency of mft/crl re-issuance
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jun 2016 18:47:16 -0000

I agree with Tim that:

a) We appear to be approaching closure on text to nail down the TLS
   certificate validation behavior of RRDP; and

b) That the MFT/CRL re-issuance implications of TLS certificate
   validation in RRDP (if any) are a separate topic to be discussed
   (if at all) in a different I-D.

I would add that we may not know enough to write the second I-D yet,
so I'm not in any particular hurry to start on it.