Re: [lamps] draft-housley-lamps-norevavail-00

Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 19 May 2023 16:48 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
CC: Joe Mandel <Joe.Mandel@secureg.io>, Tomofumi Okubo <tomofumi.okubo@gmail.com>
Date: Fri, 19 May 2023 16:47:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DwFWy7soxiSm1RgMOhCUV3dK7Ys>
Subject: Re: [lamps] draft-housley-lamps-norevavail-00
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

> In my security experience, it is always better to explicitly state something – the alarm did not sound – rather than have something implied by its absence

Fair enough.

---
Mike Ounsworth

From: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Sent: Friday, May 19, 2023 10:44 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Tim Hollebeek <tim.hollebeek@digicert.com>; Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Cc: Joe Mandel <Joe.Mandel@secureg.io>; Tomofumi Okubo <tomofumi.okubo@gmail.com>
Subject: [EXTERNAL] Re: [lamps] draft-housley-lamps-norevavail-00

So yeah, exactly what Tim said: in what case is it helpful to explicitly state “No revocation info available” vs just leaving those extns out?

(Separate thread, separate issue)

In my security experience, it is always better to explicitly state something – the alarm did not sound – rather than have something implied by its absence – did the alarm sound? Do I know the CA is modern, did it make a mistake (been known to happen), etc.

