Re: [smime] RFC3125: Question - CertInfoReq fullPath

Jim Schaad <ietf@augustcellars.com> Fri, 03 November 2017 18:08 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: smime@ietfa.amsl.com
Delivered-To: smime@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6AAF13FF26 for <smime@ietfa.amsl.com>; Fri, 3 Nov 2017 11:08:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id famJqVajNiQa for <smime@ietfa.amsl.com>; Fri, 3 Nov 2017 11:08:26 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6714213FF24 for <smime@ietf.org>; Fri, 3 Nov 2017 11:08:26 -0700 (PDT)
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000D_01D35494.0E97AAB0"
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1509732503; h=from:subject:to:date:message-id; bh=SQRMhMjXCjojmKCMK2aLLuT9WL7rNMfolo4fU1qG9oY=; b=VqFFwNtIA+kkn+oz8gGoogyIqzTzAJYxPemiVYXCCn4tCg+lXWyg6BB5BgKre1cmdcMk8h5dnzy Qgwb1BS8PwX0sQsZSlZF3YIXFd+E5S/Qvl38fy2+IyhncC8pTix5iarb6im2NB1qVpYIQ0T4k0dtm 5crrfJpAZFSew6c2WY6T493o0Zvf67I+f0ovRaEYg33Wm9GbNwd8nG37trloL1GgPnWCaUpBBiMzX 7KpMhxR306Ka3gEW+uu6B8HIlAickHTzRv2q6oOMZPSepJAXerrRuH4k4vIJd0G2/pa2j7mg5fMLW HGqchfwsVnEfXo3uUyAnDCTUp2jYjfXTrgjw==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 3 Nov 2017 11:08:22 -0700
Received: from Hebrews (192.168.1.162) by mail2.augustcellars.com (192.168.1.201) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Fri, 3 Nov 2017 11:07:19 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: "'Hajek, Juraj'" <Juraj.Hajek@ardaco.com>, <smime@ietf.org>
References: <73d57ce76d7a43b38666557558a5d9a7@XSI.ardaco.local> <e80f72fa03ee41efb9c8a3bcf396be44@XSI.ardaco.local>
In-Reply-To: <e80f72fa03ee41efb9c8a3bcf396be44@XSI.ardaco.local>
Date: Fri, 3 Nov 2017 11:08:17 -0700
Message-ID: <000c01d354ce$baf32750$30d975f0$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQDlC+65FtxNHzNwXhyqg5MngOp/SAKSb5TjpMrx3XA=
X-Originating-IP: [192.168.1.162]
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/KlAlSiKPVmWNWRAY0G0Hw2FEAc8>
Subject: Re: [smime] RFC3125: Question - CertInfoReq fullPath
X-BeenThere: smime@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SMIME Working Group <smime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/smime>, <mailto:smime-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/smime/>
List-Post: <mailto:smime@ietf.org>
List-Help: <mailto:smime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/smime>, <mailto:smime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Nov 2017 18:08:28 -0000

Normally one would presume that the trust point is shared and thus can be
excluded from the path.  I do not believe that a problem would exist if a
reference to the trust point existed, as long as that did not constitute a
trust decision.

 

Jim

 

 

From: smime [mailto:smime-bounces@ietf.org] On Behalf Of Hajek, Juraj
Sent: Friday, November 3, 2017 3:10 AM
To: smime@ietf.org
Subject: Re: [smime] RFC3125: Question - CertInfoReq fullPath

 

Hello,

 

we are not sure about the interpretation of the following sentence in
RFC3125 (https://datatracker.ietf.org/doc/rfc3125/?include_text=1).

 

CertRefReq and CertInfoReq, p.9

“References for full cert path up to a trust point required”

 

Does it mean that  the trust point should be included or excluded in the
path?

 

Thank you very much.

 

Best regards,

 

Juraj Hájek

Project Manager

 

Ardaco, a.s.