Re: [Sidrops] what to do when the CRL is hosed?

Job Snijders <job@ntt.net> Mon, 24 February 2020 23:43 UTC

Date: Mon, 24 Feb 2020 23:43:23 +0000
From: Job Snijders <job@ntt.net>
To: Jared Mauch <jared@puck.nether.net>
Cc: sidrops@ietf.org, claudio@openbsd.org
Message-ID: <20200224234323.GC60925@vurt.meerval.net>
References: <20200224211531.GB60925@vurt.meerval.net> <10259FC6-FE65-4B34-81B2-A37FCFA29BF2@puck.nether.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <10259FC6-FE65-4B34-81B2-A37FCFA29BF2@puck.nether.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/DcHphA_f0_CUbP1Ojde7w3YKBTo>
Subject: Re: [Sidrops] what to do when the CRL is hosed?
Precedence: list

On Mon, Feb 24, 2020 at 05:19:33PM -0500, Jared Mauch wrote:
> I think you may be right in absolute terms. You are likely wrong that
> unless you have cached CRL experience saying it's bad you have no
> reason to distrust. 

CRLs in RPKI != CRLs in TLS/browser context.

> Also cryptographically signed data can be sent insecurely and be
> validated against change or tampering. Perhaps you are worried about
> privacy?

I don't think I'm concerned about privacy.

My point was that in the application of X509 in the use case of RPKI: if
the CRL is expired, you have more than enough reason to distrust.

Kind regards,

Job

[Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Francisco Javier Moreno Arana
Re: [Sidrops] what to do when the CRL is hosed? Ben Maddison
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Louis Poinsignon
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Jared Mauch
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Nathalie Trenaman
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Rob Austein
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Oleg Muravskiy
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? George Michaelson
Re: [Sidrops] what to do when the CRL is hosed? Di Ma
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Claudio Jeker
Re: [Sidrops] what to do when the CRL is hosed? Job Snijders
Re: [Sidrops] what to do when the CRL is hosed? Christopher Morrow
Re: [Sidrops] what to do when the CRL is hosed? Jay Borkenhagen
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Lukas Tribus
Re: [Sidrops] what to do when the CRL is hosed? Tim Bruijnzeels
Re: [Sidrops] what to do when the CRL is hosed? Robert Kisteleki
Re: [Sidrops] what to do when the CRL is hosed? Martin Hoffmann
Re: [Sidrops] what to do when the CRL is hosed? Stephen Kent
Re: [Sidrops] what to do when the CRL is hosed? Randy Bush