Re: [lamps] Review comment from the AD
Russ Housley <housley@vigilsec.com> Thu, 28 September 2017 14:31 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11EEB1331E7 for <spasm@ietfa.amsl.com>; Thu, 28 Sep 2017 07:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DSwfiMqj8PwW for <spasm@ietfa.amsl.com>; Thu, 28 Sep 2017 07:31:47 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A0131331E4 for <spasm@ietf.org>; Thu, 28 Sep 2017 07:31:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id EDFAF3002C7 for <spasm@ietf.org>; Thu, 28 Sep 2017 10:31:46 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id U3xz3RfE3v40 for <spasm@ietf.org>; Thu, 28 Sep 2017 10:31:41 -0400 (EDT)
Received: from [172.20.1.237] (h60.74.129.40.static.ip.windstream.net [40.129.74.60]) by mail.smeinc.net (Postfix) with ESMTPSA id 8F9FA300265; Thu, 28 Sep 2017 10:31:41 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <025901d337dc$917e6970$b47b3c50$@augustcellars.com>
Date: Thu, 28 Sep 2017 10:31:40 -0400
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7D7852CB-EF22-425C-8256-591437400325@vigilsec.com>
References: <024101d337c0$2069f5e0$613de1a0$@augustcellars.com> <6EC17286-BCA3-4C56-80A6-EEA8279ED5D6@vigilsec.com> <025901d337dc$917e6970$b47b3c50$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/K3264GSVfsN3pwtu3PVIDpNG6os>
Subject: Re: [lamps] Review comment from the AD
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Sep 2017 14:31:54 -0000
Jim: The CA that issued the certificate to the TSA should revoke that certificate if the TSA is compromised. So, I think that the revocation checking on the TSA certification path is enough. Russ > On Sep 27, 2017, at 6:04 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > Yes, but if the time-stamp authority has been compromised, then it is no > longer a good authority. So perhaps some extra guidance is needed about > doing two checks or something. > > Jim > > > >> -----Original Message----- >> From: Russ Housley [mailto:housley@vigilsec.com] >> Sent: Wednesday, September 27, 2017 11:56 AM >> To: Jim Schaad <ietf@augustcellars.com> >> Cc: SPASM <spasm@ietf.org> >> Subject: Re: [lamps] Review comment from the AD >> >> I think this text was supposed to say that SigningTime is the clock value > of the >> signer, which might be very wrong. One might rely on a time-stamp >> authority [RFC3161], if there is a valid attribute from one in the > message. >> Otherwise, the time that the message arrived in your mailbox is the best >> guess that you have. >> >> Russ >> >> >>> On Sep 27, 2017, at 2:40 PM, Jim Schaad <ietf@augustcellars.com> wrote: >>> >>> I have one review comment from EKR on rfc5750bis that I am not sure >>> what to do with. >>> >>> The following paragraph from Section 6 - Security Considerations >>> >>> When determining the time for a certificate validity check, agents >>> have to be careful to use a reliable time. Unless it is from a >>> trusted agent, this time MUST NOT be the SigningTime attribute found >>> in an S/MIME message. For most sending agents, the SigningTime >>> attribute could be deliberately set to direct the receiving agent to >>> check a CRL that could have out-of-date revocation status for a >>> certificate, or cause an improper result when checking the Validity >>> field of a certificate. >>> >>> The problem is two-fold: >>> 1. Should the definition of trusted agent be expanded to be more >>> clear, and 2. Should that sentence just be deleted because, even if it >>> is a trusted agent, a compromised key is going to be able to lie about > the >> time anyway. >>> >>> My memory was that this text was supposed to deal with things like >>> time-stamp agents where the time was significant, but it could be wrong. >>> >>> Jim >>> >>> >>> _______________________________________________ >>> Spasm mailing list >>> Spasm@ietf.org >>> https://www.ietf.org/mailman/listinfo/spasm > > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] Review comment from the AD Jim Schaad
- Re: [lamps] Review comment from the AD Russ Housley
- Re: [lamps] Review comment from the AD Jim Schaad
- Re: [lamps] Review comment from the AD Russ Housley
- Re: [lamps] Review comment from the AD Jim Schaad