Re: [lamps] Revocation Request Format?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 05 March 2018 22:29 UTC

To: Russ Housley <housley@vigilsec.com>, Ryan Sleevi <ryan-ietf@sleevi.com>
Cc: SPASM <SPASM@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JUeqoXN5pDvaoRTynMBerBivCBk>


On 05/03/18 19:18, Russ Housley wrote:
> Aren't we already there, based on the CMP, CMC, and ACME protocol
> mechanisms?  Of course, any report of compromise that is not
> authenticated by the private key still must be investigated by the
> CA.

If something is to be done in this space (and I'm still not
convinced myself fwiw), then it'd be good to base that on
some public numbers wrt who's been revoking what for which
reasons. I'm not aware of studies on that, but haven't gone
looking.

Cheers,
S.