Re: [lamps] Revocation Request Format?

Tim Hollebeek <tim.hollebeek@digicert.com> Sat, 03 March 2018 04:17 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>, Phillip Hallam-Baker <phill@hallambaker.com>
CC: SPASM <SPASM@ietf.org>, Peter Bowen <pzbowen@gmail.com>
Date: Sat, 3 Mar 2018 04:17:28 +0000
Message-ID: <MWHPR14MB1376B96A3D7443EE655E68C583C40@MWHPR14MB1376.namprd14.prod.outlook.com>
References: <CAMm+LwjAP78hNL9Yaxqaf4K9RHYGk4M8ayJjCWt=F3_VN28cFQ@mail.gmail.com> <CAErg=HEK0aJm+Xb06px=vmfpyESetdRpe2x=q+Wca=9J8nErmw@mail.gmail.com> <CAK6vND8p55yNVoXO6_eJs1ooodVBAFZovJ84ou6uj_4qHt5DGA@mail.gmail.com> <CAMm+LwjKKqaG+OjSw3KaSvwymy6mvvyEDx1sMp2EGqXqvPSdjA@mail.gmail.com> <CAErg=HFBWaSV5-mJCBO8fLP3esfnseiqqJ_Fh1x78BW9=P-kUQ@mail.gmail.com>
In-Reply-To: <CAErg=HFBWaSV5-mJCBO8fLP3esfnseiqqJ_Fh1x78BW9=P-kUQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/K90JbXDiIvLT5ti_68SS8BJJ0OA>
Subject: Re: [lamps] Revocation Request Format?
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

Right. If there is an assertion that public key X is bound to Ryan Sleevi,
and I, as an individual who is provably not Ryan Sleevi [1], can successfully
sign anything as Ryan Sleevi, revocation is required.

We need to make sure that any revocation rules and policies that exist respect
that principle.

-Tim

[1] How many people can actually prove that?  Other than Ryan?

Because it's a demonstration of compromise. Any attempt to define how that 
demonstration of compromise is proved (which I think is *bad* standardization) 
is to make it more difficult to report or demonstrate compromise.