Re: [Sidrops] trying to limit RP processing variability
Martin Hoffmann <martin@opennetlabs.com> Thu, 16 April 2020 09:58 UTC
Return-Path: <martin@opennetlabs.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B96203A1362 for <sidrops@ietfa.amsl.com>; Thu, 16 Apr 2020 02:58:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id deHBFE1fd94f for <sidrops@ietfa.amsl.com>; Thu, 16 Apr 2020 02:58:20 -0700 (PDT)
Received: from dicht.nlnetlabs.nl (dicht.nlnetlabs.nl [IPv6:2a04:b900::1:0:0:10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01FFC3A1366 for <sidrops@ietf.org>; Thu, 16 Apr 2020 02:58:19 -0700 (PDT)
Received: from glaurung.nlnetlabs.nl (82-197-214-124.dsl.cambrium.nl [82.197.214.124]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id 532231CE0E; Thu, 16 Apr 2020 11:58:18 +0200 (CEST)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none (p=none dis=none) header.from=opennetlabs.com
Authentication-Results: dicht.nlnetlabs.nl; spf=none smtp.mailfrom=martin@opennetlabs.com
Date: Thu, 16 Apr 2020 11:58:17 +0200
From: Martin Hoffmann <martin@opennetlabs.com>
To: Claudio Jeker <cjeker@diehard.n-r-g.com>
Cc: Stephen Kent <stkent=40verizon.net@dmarc.ietf.org>, "sidrops@ietf.org" <sidrops@ietf.org>, Job Snijders <job@ntt.net>
Message-ID: <20200416115817.6c3f4318@glaurung.nlnetlabs.nl>
In-Reply-To: <20200415143321.GM72650@diehard.n-r-g.com>
References: <a9448e54-320f-300c-d4f9-d01aca2b6ef4.ref@verizon.net> <a9448e54-320f-300c-d4f9-d01aca2b6ef4@verizon.net> <20200415150141.016d021d@glaurung.nlnetlabs.nl> <20200415140012.GB30412@vurt.meerval.net> <20200415161415.29c49f4e@glaurung.nlnetlabs.nl> <20200415143321.GM72650@diehard.n-r-g.com>
Organization: Open Netlabs
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/2FIT7iOWxKJESGQRz2SSRlr8ilE>
Subject: Re: [Sidrops] trying to limit RP processing variability
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Apr 2020 09:58:22 -0000
Claudio Jeker wrote: > On Wed, Apr 15, 2020 at 04:14:15PM +0200, Martin Hoffmann wrote: > > Job Snijders wrote: > > > On Wed, Apr 15, 2020 at 03:01:41PM +0200, Martin Hoffmann wrote: > > > > > > > > > 1.Manifest present, valid, current > > > > > > > > If there is a present, valid, and current manifest, the CRL can > > > > safely be ignored for all objects. > > > > > > I'd like to ask you for some clarification, Stephen Kent listed 4 > > > different cases, I parapharsed here: > > > > > > 1.1. Manifest present, valid, current AND CRL present, valid, > > > current 1.2. Manifest present, valid, current AND CRL present, > > > stale 1.3. Manifest present, valid, current AND CRL present, > > > invalid 1.4. Manifest present, valid, current AND CRL missing > > > > > > When you say "can safely be ignored", do you mean, MAY be ignored, > > > SHOULD be ignored? or MUST be ignored? In all four cases? > > > > In all cases. Since it is ignored, it doesn’t really matter whether > > it is good or bad or ugly. > > > > I suppose I would go with "SHOULD be ignored" here. > > Which CRL are we talking about? The ones listed in the manifest or > the one referenced by the manifest certificate? Isn’t that supposed to be the same? Each CA only issues one CRL for all its issued certificates and replaces it upon update. Kind regards, Martin
- [Sidrops] trying to limit RP processing variabili… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Robert Kisteleki
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Di Ma
- Re: [Sidrops] trying to limit RP processing varia… Robert Kisteleki
- Re: [Sidrops] trying to limit RP processing varia… Claudio Jeker
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Robert Kisteleki
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Di Ma
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Claudio Jeker
- Re: [Sidrops] trying to limit RP processing varia… Tim Bruijnzeels
- Re: [Sidrops] trying to limit RP processing varia… Tim Bruijnzeels
- Re: [Sidrops] trying to limit RP processing varia… Jay Borkenhagen
- Re: [Sidrops] trying to limit RP processing varia… Randy Bush
- Re: [Sidrops] trying to limit RP processing varia… Robert Kisteleki
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Tim Bruijnzeels
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Randy Bush
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Claudio Jeker
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Randy Bush
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… George Michaelson
- Re: [Sidrops] trying to limit RP processing varia… Tim Bruijnzeels
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Martin Hoffmann
- Re: [Sidrops] trying to limit RP processing varia… Randy Bush
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent
- Re: [Sidrops] trying to limit RP processing varia… Rob Austein
- Re: [Sidrops] trying to limit RP processing varia… Job Snijders
- Re: [Sidrops] trying to limit RP processing varia… Stephen Kent