Re: [lamps] Draft LAMPS Recharter

Yoav Nir <ynir.ietf@gmail.com> Wed, 02 May 2018 21:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Ngk7TwGBXbie2MxfX4l_7RWQ8QM>


> On 3 May 2018, at 0:06, Ryan Sleevi <ryan-ietf@sleevi.com> wrote:
> 
> On Wed, May 2, 2018 at 10:41 AM, Russ Housley <housley@vigilsec.com> wrote:
> Based on the discussion in London and the "Potential Topics for LAMPS Recharter" mail thread.  We propose the attached charter text.  Please review and comment.
> 
> Russ & Tim
> 
> = = = = = = = = =
> 
> 3. Specify the use of short-lived X.509 certificates for which no
> revocation information is made available by the Certification Authority.
> Short-lived certificates have a lifespan that is shorter than the time
> needed to detect, report, and distribute revocation information; as a
> result, revoking them is pointless.
> 
> I didn't see much discussion on the list in support for this, but apologies, I missed the discussion in SECDISPATCH when this draft was discussed.
> 
> Is this being envisioned for the use in the PKI typically called the "Web PKI", or is this being seen as a draft for private use cases? I have read the draft, and do not feel this was clearly and unambiguously answered.
> 
> I ask because, for various policy reasons, I would expect that undertaking this work may result in policies that explicitly prohibit it from being deployed on the Web PKI.
> 
> As a practical matter, the draft acknowledges an alternative design (namely, OCSP stapling), but its two objections to this work do not hold. As a consequence, I have concerns about the motivations for and the alternatives considered, and thus don't think LAMPS needs to consider such work in scope at this time.

Hi, Ryan.

The main motivation for me is things other than the Web PKI. There is nothing in the draft that makes it not work for the Web PKI, but I would like to leave it to the group to decide whether the Web PKI is explicitly excluded.

There is a short-term certificate document that *is* for the Web PKI. It is in the ACME working group.
https://tools.ietf.org/html/draft-ietf-acme-star-03

Despite having some authors in common, the use cases are different.

HTH

Yoav
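As an added illustration of the relying-party logic implied by charter item 3 above (short-lived certificates for which the CA publishes no revocation information), and not code from the draft, from the ACME STAR document, or from either author: the Go sketch below uses only the standard library. It mints throwaway test certificates in-process and applies one policy: skip the revocation check only when the certificate's entire lifetime is shorter than an assumed revocation-propagation window and the certificate carries no AIA OCSP URL or CRL distribution point; a certificate that does carry pointers is still checked, and a long-lived one with no pointers is rejected. The 72-hour window, the names `Issue`, `Decide`, `VerifyChain`, the host `short.example.test` and the OCSP URL are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RevocationWindow is an assumed relying-party parameter: how long it takes to
// detect, report and distribute a revocation. A certificate whose whole validity
// period is shorter than this is "short-lived" in the charter's sense. 72h is a
// placeholder chosen for this example, not a value from any draft.
const RevocationWindow = 72 * time.Hour

// Decision is what the relying party does about revocation for one certificate.
type Decision string

const (
	SkipRevocation     Decision = "short-lived, no revocation pointers: revocation check skipped"
	CheckRevocation    Decision = "revocation pointers present: OCSP/CRL check required"
	RejectNoRevocation Decision = "long-lived, no revocation pointers: reject"
)

// HasRevocationInfo reports whether the CA published any way to revoke the
// certificate: an AIA OCSP responder URL or a CRL distribution point.
func HasRevocationInfo(c *x509.Certificate) bool {
	return len(c.OCSPServer) > 0 || len(c.CRLDistributionPoints) > 0
}

// IsShortLived reports whether the certificate's lifetime is shorter than the
// revocation-propagation window.
func IsShortLived(c *x509.Certificate, window time.Duration) bool {
	return c.NotAfter.Sub(c.NotBefore) < window
}

// Decide applies the policy. A short-lived certificate that still carries
// pointers is checked: the skip applies only when the CA made no revocation
// information available at all.
func Decide(c *x509.Certificate, window time.Duration) Decision {
	switch {
	case HasRevocationInfo(c):
		return CheckRevocation
	case IsShortLived(c, window):
		return SkipRevocation
	default:
		return RejectNoRevocation
	}
}

// VerifyChain is the part that is never skipped: signature, validity window,
// hostname and EKU are still enforced against the trust anchor.
func VerifyChain(leaf, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   "short.example.test",
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Issue mints a throwaway CA and a leaf with the given lifetime and OCSP URLs
// (nil means the CA publishes no revocation information). Keys and names are
// constructed in-process for the example.
func Issue(lifetime time.Duration, ocspURLs []string) (ca, leaf *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now().Add(-time.Minute) // small backdate to tolerate clock skew
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Short-Lived CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "short.example.test"},
		DNSNames:  []string{"short.example.test"},
		NotBefore: now, NotAfter: now.Add(lifetime),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		OCSPServer:  ocspURLs, // nil: no AIA OCSP entry is emitted; no CRLDP is set either
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return ca, leaf, err
}

func main() {
	for _, tc := range []struct {
		life time.Duration
		ocsp []string
	}{
		{24 * time.Hour, nil},
		{90 * 24 * time.Hour, nil},
		{90 * 24 * time.Hour, []string{"http://ocsp.example.test"}},
	} {
		ca, leaf, err := Issue(tc.life, tc.ocsp)
		if err != nil {
			panic(err)
		}
		fmt.Printf("lifetime=%v chainOK=%v -> %s\n", tc.life, VerifyChain(leaf, ca) == nil, Decide(leaf, RevocationWindow))
	}
}
```

The window is the policy knob: the same 24-hour certificate that is short-lived against a 72-hour window is not short-lived against a 12-hour one, and with no pointers it then falls through to rejection rather than to a silent skip.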