Re: [lamps] Call for adoption of draft-nir-saag-star
Russ Housley <housley@vigilsec.com> Fri, 27 July 2018 17:48 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F211D131006 for <spasm@ietfa.amsl.com>; Fri, 27 Jul 2018 10:48:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4FVEvD5Ji0t6 for <spasm@ietfa.amsl.com>; Fri, 27 Jul 2018 10:48:54 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F36E3130E0C for <spasm@ietf.org>; Fri, 27 Jul 2018 10:48:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id D9E79300A3E for <spasm@ietf.org>; Fri, 27 Jul 2018 13:48:51 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id pYRZUcNIBnah for <spasm@ietf.org>; Fri, 27 Jul 2018 13:48:50 -0400 (EDT)
Received: from a860b60074bd.home (pool-71-127-50-4.washdc.fios.verizon.net [71.127.50.4]) by mail.smeinc.net (Postfix) with ESMTPSA id 67419300541; Fri, 27 Jul 2018 13:48:50 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <B44AAFBA-A7C1-4565-8307-D3B493A964B8@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_90F8B857-83E4-49AA-B575-44DE5F3A8DFE"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Fri, 27 Jul 2018 13:48:50 -0400
In-Reply-To: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com>
Cc: SPASM <spasm@ietf.org>
To: Tim Hollebeek <tim.hollebeek@digicert.com>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3RZ_8UErpb4hSrTnmoUUCM2HEcU>
Subject: Re: [lamps] Call for adoption of draft-nir-saag-star
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 17:48:56 -0000
This document was discussed at IETF 102 in Montreal. the DRAFT minutes say: '""" A WG call for adoption is underway. This document is about Short-Term Auto-Renewed (STAR) certificates. There is no revocation information for these certificates, and the short validity period of makes this acceptable. The automatic issuance of replacement certificates overcomes the operational challenges of short-term certificates. Two use cases are driving this work: IPsec VPNs and software-defined storage. These certificate might not be suitable for the Web PKI. Many people in the room felt that an extension for that tells the relying party that no revocation information is available is needed. The authors feel that such an extension should be defined in another document; this document should remain a BCP. Some people felt that these certificates should point to an empty CRL and a similar OCSP responder so that anyone looking for revocation information would not get a failure. Some people felt that the WG should not adopt this document until it addresses thes two topics. """ My conclusion from this discussion is that an update to the Internet-Draft is needed for the LAMPS WG to consider adoption. Please speak now id you come to a different conclusion. Russ > On Jul 14, 2018, at 12:01 PM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote: > > > The recently approved LAMPS WG Charter adds this work item: > > 3. Specify the use of short-lived X.509 certificates for which no revocation information is made available by the Certification Authority. > > Short-lived certificates have a lifespan that is shorter than the time needed to detect, report, and distribute revocation information. As a result, revoking short-lived certificates is unnecessary and pointless. > > It has been suggested that the WG adopt draft-nir-saag-star as the starting point for this work. Please voice your support or concerns on the list. >
- [lamps] Call for adoption of draft-nir-saag-star Tim Hollebeek
- Re: [lamps] Call for adoption of draft-nir-saag-s… Melinda Shore
- Re: [lamps] Call for adoption of draft-nir-saag-s… Ryan Sleevi
- Re: [lamps] Call for adoption of draft-nir-saag-s… Dr. Pala
- Re: [lamps] Call for adoption of draft-nir-saag-s… Daniel Migault
- Re: [lamps] Call for adoption of draft-nir-saag-s… Russ Housley
- [lamps] discuss: empty OSCP (as: Re: Call for ado… Toerless Eckert
- Re: [lamps] Call for adoption of draft-nir-saag-s… Dr. Pala
- [lamps] Call for adoption of draft-vangeest-x509-… Russ Housley
- Re: [lamps] Call for adoption of draft-vangeest-x… Salz, Rich
- Re: [lamps] Call for adoption of draft-vangeest-x… Scott Fluhrer (sfluhrer)
- [lamps] Side-channel attack on multi-level trees … Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Scott Fluhrer (sfluhrer)
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Jim Schaad
- Re: [lamps] Side-channel attack on multi-level tr… Jim Schaad
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Scott Fluhrer (sfluhrer)
- Re: [lamps] Side-channel attack on multi-level tr… Tim Hollebeek
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Jim Schaad
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Tim Hollebeek
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Russ Housley
- Re: [lamps] Side-channel attack on multi-level tr… Russ Housley
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Scott Fluhrer (sfluhrer)
- Re: [lamps] Side-channel attack on multi-level tr… Daniel Van Geest
- Re: [lamps] Side-channel attack on multi-level tr… Dang, Quynh (Fed)
- Re: [lamps] Side-channel attack on multi-level tr… Russ Housley
- Re: [lamps] Side-channel attack on multi-level tr… Panos Kampanakis (pkampana)
- Re: [lamps] Call for adoption of draft-vangeest-x… Ryan Sleevi
- Re: [lamps] Call for adoption of draft-vangeest-x… Russ Housley
- Re: [lamps] Call for adoption of draft-vangeest-x… Adam Langley
- Re: [lamps] Call for adoption of draft-vangeest-x… Jonathan Hammell
- Re: [lamps] Side-channel attack on multi-level tr… Tim Hollebeek
- Re: [lamps] Call for adoption of draft-vangeest-x… Tim Hollebeek
- Re: [lamps] Call for adoption of draft-vangeest-x… Jim Schaad
- Re: [lamps] Call for adoption of draft-vangeest-x… Russ Housley
- Re: [lamps] Call for adoption of draft-vangeest-x… Russ Housley