Re: [lamps] Draft LAMPS Recharter

Ryan Sleevi, Wed, 02 May 2018 21:06 UTC

On Wed, May 2, 2018 at 10:41 AM, Russ Housley wrote:

> Based on the discussion in London and the "Potential Topics for LAMPS
> Recharter" mail thread.  We propose the attached charter text.  Please
> review and comment.
> Russ & Tim
> = = = = = = = = =
> 3. Specify the use of short-lived X.509 certificates for which no
> revocation information is made available by the Certification Authority.
> Short-lived certificates have a lifespan that is shorter than the time
> needed to detect, report, and distribute revocation information, as a
> result revoking them is pointless.

I didn't see much discussion on the list in support for this, but
apologies, I missed the discussion in SECDISPATCH when this draft was

Is this being envisioned for the use in the PKI typically called the "Web
PKI", or is this being seen as a draft for private use cases? I have read
the draft, and do not feel this was clearly and unambiguously answered.

I ask because, for various policy reasons, I would expect that undertaking
this work may result in policies that explicitly prohibit it from being
deployed on the Web PKI.

As a practical matter, the draft acknowledges an alternative design
(namely, OCSP stapling), but its two objections to this work do not hold.
As a consequence, I have concerns about the motivations for and the
alternatives considered, and thus don't think LAMPS needs to consider such
work in scope at this time.