[lamps] I-D Action: draft-ietf-lamps-keyusage-crl-validation-01.txt
internet-drafts@ietf.org Mon, 07 July 2025 19:13 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eJJYftRHSUpYoE1wekrW0aAS6wU>
Internet-Draft draft-ietf-lamps-keyusage-crl-validation-01.txt is now
available. It is a work item of the Limited Additional Mechanisms for PKIX and
SMIME (LAMPS) WG of the IETF.
Title:   Clarification to processing Key Usage values during CRL validation
Authors: Corey Bonnell
         伊藤 忠彦
         大久保 智史
Name:    draft-ietf-lamps-keyusage-crl-validation-01.txt
Pages:   6
Dates:   2025-07-07

Abstract:
RFC 5280 defines the profile of X.509 certificates and certificate
revocation lists (CRLs) for use in the Internet. This profile
requires that certificates which certify keys for signing CRLs
contain the key usage extension with the cRLSign bit asserted.
Additionally, RFC 5280 defines steps for the validation of CRLs.
While there is a requirement for CRL validators to verify that the
cRLSign bit is asserted in the keyUsage extension of the CRL issuer's
certificate, this document clarifies the requirement for relying
parties to also verify the presence of the keyUsage extension in the
CRL issuer's certificate. This check remediates a potential security
issue that arises when relying parties accept a CRL which is signed
by a certificate with no keyUsage extension, and therefore does not
explicitly have the cRLSign bit asserted.
The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-keyusage-crl-validation/
There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-lamps-keyusage-crl-validation-01.html
A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-lamps-keyusage-crl-validation-01
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
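
The presence check described in the abstract, as an added example (not code from the draft, its authors, or any library): a validator that tests cRLSign only when keyUsage is present, beside one that also requires the extension to be present. Modelling the CRL issuer certificate as a dict of extension OID to DER value, the function names and the sample bytes are assumptions constructed for illustration.

```python
# Added example; names and sample bytes are constructed, not taken from the draft.
KEY_USAGE_OID = "2.5.29.15"   # id-ce-keyUsage
CRL_SIGN_BIT = 6              # cRLSign is bit 6 of KeyUsage (RFC 5280, 4.2.1.3)


def key_usage_bit_set(ext_value: bytes, bit: int) -> bool:
    """Decode a DER BIT STRING (short-form length) and test one named bit."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("keyUsage value is not a DER BIT STRING")
    length = ext_value[1]
    if length & 0x80 or length < 1 or length != len(ext_value) - 2:
        raise ValueError("unsupported or inconsistent BIT STRING length")
    unused, bits = ext_value[2], ext_value[3:]
    if unused > 7 or (not bits and unused):
        raise ValueError("invalid unused-bits count")
    if bit >= len(bits) * 8 - unused:
        return False              # bit lies past the encoded string: not asserted
    # BIT STRING bit 0 is the most significant bit of the first content octet.
    return bool(bits[bit // 8] & (0x80 >> (bit % 8)))


def lax_crl_issuer_check(extensions: dict) -> bool:
    """Conditional check: cRLSign is only tested when keyUsage is present."""
    value = extensions.get(KEY_USAGE_OID)
    return True if value is None else key_usage_bit_set(value, CRL_SIGN_BIT)


def strict_crl_issuer_check(extensions: dict) -> bool:
    """Clarified check: keyUsage must be present and must assert cRLSign."""
    value = extensions.get(KEY_USAGE_OID)
    return value is not None and key_usage_bit_set(value, CRL_SIGN_BIT)


# Constructed issuer-certificate extension sets (OID -> DER extnValue content).
CA_CERT = {KEY_USAGE_OID: bytes.fromhex("03020106")}      # keyCertSign + cRLSign
TLS_LEAF = {KEY_USAGE_OID: bytes.fromhex("03020780")}     # digitalSignature only
NO_KEY_USAGE = {"2.5.29.19": bytes.fromhex("3000")}       # basicConstraints only

if __name__ == "__main__":
    for name, exts in [("CA_CERT", CA_CERT), ("TLS_LEAF", TLS_LEAF),
                       ("NO_KEY_USAGE", NO_KEY_USAGE)]:
        print(name, lax_crl_issuer_check(exts), strict_crl_issuer_check(exts))
```

The two checks agree whenever keyUsage is present; they differ only for the certificate with no keyUsage extension, which the conditional check accepts as a CRL issuer and the presence check rejects.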