Re: [lamps] [saag] Considerations and Clarifications about draft-nir-saag-star-01

Benjamin Kaduk <> Wed, 21 March 2018 23:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0D5CC12E856; Wed, 21 Mar 2018 16:16:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9fLe79IHE4Xi; Wed, 21 Mar 2018 16:16:32 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A285D129C6E; Wed, 21 Mar 2018 16:16:31 -0700 (PDT)
X-AuditID: 1209190e-d51ff70000004ac5-01-5ab2e7ce83eb
Received: from ( []) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id E2.78.19141.EC7E2BA5; Wed, 21 Mar 2018 19:16:30 -0400 (EDT)
Received: from (OUTGOING-AUTH-1.MIT.EDU []) by (8.13.8/8.9.2) with ESMTP id w2LNGTqi001469; Wed, 21 Mar 2018 19:16:29 -0400
Received: from ( []) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by (8.13.8/8.12.4) with ESMTP id w2LNGO5r011644 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 21 Mar 2018 19:16:27 -0400
Date: Wed, 21 Mar 2018 18:16:25 -0500
From: Benjamin Kaduk <>
To: "Dr. Pala" <>
Cc: "" <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In-Reply-To: <>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprCKsWRmVeSWpSXmKPExsUixCmqrXvu+aYogyVnNSz2b/CxuHiwyGJK fyeTxbxryQ4sHkuW/GTymD7xPksAUxSXTUpqTmZZapG+XQJXxr6fD1kLJvFUPPo1nbmB8TNn FyMnh4SAicT1/1PZQGwhgcVMEktP+XcxcgHZGxklOk4tZ4JwrjJJfO5dxgRSxSKgKvH6bhsr iM0moCLR0H2ZGcQWAbIXtLxh72Lk4GAWUJY4ftUPJCwsECLx/cAldhCbF2jZ2lc/mSCW2Ups 23+UBSIuKHFy5hMwm1lAS+LGv5dMEGOkJZb/44AIa0ssW/gabBOngJ3Eg9NbGUFsUaBNe/sO sU9gFJyFZNIsJJNmIUyahWTSAkaWVYyyKblVurmJmTnFqcm6xcmJeXmpRbrGermZJXqpKaWb GMEBLsm3g3FSg/chRgEORiUe3oycTVFCrIllxZW5hxglOZiURHnXlQGF+JLyUyozEosz4otK c1KLDzFKcDArifBmPwbK8aYkVlalFuXDpKQ5WJTEed1NtKOEBNITS1KzU1MLUotgsjIcHEoS vKrASBYSLEpNT61Iy8wpQUgzcXCCDOcBGq4CUsNbXJCYW5yZDpE/xajLcePF6zZmIZa8/LxU KXFeTpAiAZCijNI8uDmgxCSRvb/mFaM40FvCvGnPgKp4gEkNbtIroCVMIB/M3ACypCQRISXV wFgz5fXf1kSJFLOMiy/KzrAduHElJOi+6K4Za+e3nqq+sbDEO83arPOULdfnV7Ojiu+unTNR mKPzIMfCkmve6TaTNtzYpv7Q6kT654R8Nnd+X/XHmVXyvZPcD53fvdfInevo8pW3F/R9+Lz0 c/CaKzGPG8XVtr24xu8Rd1PuvWvTPfbsmSIbwo8psRRnJBpqMRcVJwIA1JfBQScDAAA=
Archived-At: <>
X-Mailman-Approved-At: Wed, 21 Mar 2018 16:28:41 -0700
Subject: Re: [lamps] [saag] Considerations and Clarifications about draft-nir-saag-star-01
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 21 Mar 2018 23:16:33 -0000

[spasm and pkix to bcc; please continue discussion on one list only]

Hi Max,

On Wed, Mar 21, 2018 at 01:08:07PM +0000, Dr. Pala wrote:
> Hi all,
> unfortunately I missed the sec-dispatch session, but I have some
> important considerations about the document. In general, short-lived
> certificates have been around for many years and for many different
> applications (nothing new here), however nobody who have been working
> with PKI long enough would actually made the case that the security
> levels of short-lived-no-revo and any-lived-plus-revo are the same
> (which seems the life-motif of the presentation and the document itself).
> Other aspects that I think shall be revisited are the lack of
> considerations about the usability of deployed infrastructures (when no
> revocation is assumed) and some wrong considerations in the document
> about validity periods of OCSP Responses and CRLs (that clearly
> undermine the equivalence claim).

It would probably be helpful if you included a description of what
attacker capabilities are present in your mental model.  If the
attacker is modelled as being in control of the network (and
revocation status is carried over HTTP-not-S) then the claim of
equivalence between short-lived certs and "short-lived" OCSP holds
much more weight.  When you say that a second party can get the
valid revocation status information, that implies that the attacker
does *not* have full control over the network -- so what exactly can
and cannot the attacker do?