Re: [lamps] draft-housley-lamps-norevavail-00

Jeffrey Walton <noloader@gmail.com> Mon, 22 May 2023 19:26 UTC

To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Cc: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pZO42ku_a3-4I-WHNhn9bpdpFUA>

On Fri, May 19, 2023 at 11:31 AM Mike Ounsworth
<Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
>
> [...]
> > Short-lived X.509v3 public key certificates as profiled in RFC 5280
> > are seeing greater use in the Internet.
>
> What, specifically, are the use-cases driving this? If it’s browsers then I’d like to hear from a browser vendor about how they want to handle lack of revocation info (I suspect they just ignore it).

In the old days, one of the problems being addressed was mobile
clients on 2G/3G connections. Apps would hang while downloading a 60MB
or 80MB CRL. It affected browser-based apps and native apps.

One of the workarounds was short-lived certificates to cut down on
CRL size. Things have settled on 3-month longevity. Google
experimented with 1-month in the past. (OCSP has some of its own
problems.)

It is not limited to mobile clients, though. Internet poverty is still
a widespread problem:
https://www.brookings.edu/blog/future-development/2022/03/31/internet-poverty-the-next-frontier-in-development/.

> So yeah, exactly what Tim said: in what case is it helpful to explicitly state “No revocation info available” vs just leaving those extns out?

Jeff