Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00

Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 19 May 2023 16:46 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>, Tim Hollebeek <tim.hollebeek@digicert.com>
CC: LAMPS <spasm@ietf.org>, Joe Mandel <Joe.Mandel@secureg.io>, Tomofumi Okubo <tomofumi.okubo@gmail.com>
Date: Fri, 19 May 2023 16:46:31 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Gdlv3ZDlXMKXDHkGwKby3j69V1c>
Subject: Re: [lamps] [EXTERNAL] Re: draft-housley-lamps-norevavail-00
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

Thanks Russ.

That explanation passes the sanity check 😊

---
Mike Ounsworth

From: Russ Housley <housley@vigilsec.com>
Sent: Friday, May 19, 2023 11:07 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: LAMPS <spasm@ietf.org>; Joe Mandel <Joe.Mandel@secureg.io>; Tomofumi Okubo <tomofumi.okubo@gmail.com>
Subject: [EXTERNAL] Re: [lamps] draft-housley-lamps-norevavail-00

Tim and Mike:

Some applications look for revocation information using mechanisms other than pointers in certificate extensions.  While there are not too many applications that use an X.500 Directory or LDAP, these applications look in the for revocation information in the CA's entry.  Similar queries are used with or HTTP certificate repositories defined in RFC 4387.  A flag to not bother looking is desirable for these applications.

Other applications, especially browsers, use non-standard revocation checking mechanisms for the CAs that are part of their trust anchor store.  When user organizations add their own trust anchors, they are not part of these non-standard revocation checking mechanisms.  Again, a flag to not bother looking is desirable.

The LAMPS Charter includes:

   1. Specify the use of short-lived X.509 certificates for which no
   revocation information is made available by the Certification Authority.
   Short-lived certificates have a lifespan that is shorter than the time
   needed to detect, report, and distribute revocation information.  As a
   result, revoking short-lived certificates is unnecessary and pointless.

It seems to me that a document stating that the lack of certain certificate extensions offers an opportunity for uncertainty.

Russ



On May 19, 2023, at 11:30 AM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

+1 to Tim’s question.


> Short-lived X.509v3 public key certificates as profiled in RFC 5280
> are seeing greater use in the Internet.

What, specifically, are the use-cases driving this? If it’s browsers then I’d like to hear from a browser vendor about how they want to handle lack of revocation info (I suspect they just ignore it).

So yeah, exactly what Tim said: in what case is it helpful to explicitly state “No revocation info available” vs just leaving those extns out?

---
Mike Ounsworth

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Friday, May 19, 2023 8:59 AM
To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Cc: Joe Mandel <Joe.Mandel@secureg.io>; Tomofumi Okubo <tomofumi.okubo@gmail.com>
Subject: [EXTERNAL] Re: [lamps] draft-housley-lamps-norevavail-00

Russ,

Can you briefly describe the advantages of explicitly stating this in a short-lived certificate, instead of simply omitting all relevant revocation fields?

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, May 18, 2023 5:24 PM
To: LAMPS <spasm@ietf.org>
Cc: Joe Mandel <Joe.Mandel@secureg.io>; Tomofumi Okubo <tomofumi.okubo@gmail.com>
Subject: [lamps] draft-housley-lamps-norevavail-00

I want the LAMPS WG to be aware of this I-D.  However, I do not think we should adopt it until the event predicted in the History section actually comes to pass:

   With greater use of short-lived certificates in the Internet, the
   next revision of ITU-T Recommendation X.509 [X.509-TBD] is expected
   to allow the noRevAvail certificate extension to be used with public
   key certificates as well as attribute certificates.

Russ


From: internet-drafts@ietf.org
Subject: New Version Notification for draft-housley-lamps-norevavail-00.txt
Date: May 18, 2023 at 4:51:35 PM EDT
To: "Joseph Mandel" <joe.mandel@secureg.io>, "Russ Housley" <housley@vigilsec.com>, "Tomofumi Okubo" <tomofumi.okubo+ietf@gmail.com>


A new version of I-D, draft-housley-lamps-norevavail-00.txt
has been successfully submitted by Russ Housley and posted to the
IETF repository.

Name:           draft-housley-lamps-norevavail
Revision:       00
Title:          No Revocation Available for Short-lived X.509 Certificates
Document date:  2023-05-18
Group:          Individual Submission
Pages:          8
URL:            https://www.ietf.org/archive/id/draft-housley-lamps-norevavail-00.txt
Status:         https://datatracker.ietf.org/doc/draft-housley-lamps-norevavail/
Html:           https://www.ietf.org/archive/id/draft-housley-lamps-norevavail-00.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-housley-lamps-norevavail


Abstract:
  Short-lived X.509v3 public key certificates as profiled in RFC 5280
  are seeing greater use in the Internet.  The Certification Authority
  (CA) that issues these short-lived certificates does not publish
  revocation information because the certificate lifespan is
  shorter than the time needed to detect, report, and distribute
  revocation information.  This specification defines the noRevAvail
  certificate extension so that a relying party can readily determine
  that the CA does not publish revocation information for the
  certificate.
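
Added example (not part of the thread and not code from the draft's authors): a sketch of the relying-party decision discussed above, where an application that can query a directory or repository without any pointer in the certificate cannot tell "nothing published" from "no pointer included" unless the CA sets an explicit flag. The `CertView` type, the `revocation_plan` function and the plan labels are hypothetical; the OIDs are the standard X.509 extension identifiers, with noRevAvail being id-ce 56.

```python
from dataclasses import dataclass, field

# Extension OIDs (RFC 5280 / X.509); noRevAvail is id-ce 56.
CRL_DISTRIBUTION_POINTS = "2.5.29.31"
FRESHEST_CRL = "2.5.29.46"
AUTHORITY_INFO_ACCESS = "1.3.6.1.5.5.7.1.1"
NO_REV_AVAIL = "2.5.29.56"
OCSP_ACCESS_METHOD = "1.3.6.1.5.5.7.48.1"  # id-ad-ocsp inside AIA


@dataclass
class CertView:
    """Hypothetical, already-parsed view of one end-entity certificate."""
    extension_oids: set
    aia_methods: set = field(default_factory=set)


def revocation_plan(cert, has_directory=False):
    """Return the list of revocation lookups a relying party should attempt.

    has_directory: the application can query the CA's X.500/LDAP entry or an
    HTTP certificate repository, i.e. a lookup that needs no pointer in the
    certificate.
    """
    if NO_REV_AVAIL in cert.extension_oids:
        # Explicit statement from the CA: nothing is published, so do not
        # spend a network round trip on any mechanism, pointer-based or not.
        return []
    plan = []
    if CRL_DISTRIBUTION_POINTS in cert.extension_oids:
        plan.append("crl")
    if FRESHEST_CRL in cert.extension_oids:
        plan.append("delta-crl")
    if (AUTHORITY_INFO_ACCESS in cert.extension_oids
            and OCSP_ACCESS_METHOD in cert.aia_methods):
        plan.append("ocsp")
    if has_directory:
        # Absence of pointers proves nothing to this kind of application:
        # it still has to ask the repository before it can conclude anything.
        plan.append("directory")
    return plan


# Constructed sample certificates (extension sets only, no real certs).
SILENT = CertView(extension_oids={"2.5.29.15"})                 # keyUsage only
FLAGGED = CertView(extension_oids={"2.5.29.15", NO_REV_AVAIL})
POINTED = CertView({CRL_DISTRIBUTION_POINTS, AUTHORITY_INFO_ACCESS},
                   {OCSP_ACCESS_METHOD})
```

For a pointer-driven client, `SILENT` and `FLAGGED` yield the same empty plan; the two differ only once `has_directory=True`, which is the case the flag is meant to settle.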