[lamps] Revocation Request Format?

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 02 March 2018 14:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/qeVHLeG6-Q_47QKNdyOOxsAT3Zk>

Do we have a PKIX revocation request format?

I am asking because of a detail in the Trustico situation in which a file
of 23K private keys was emailed to a CA to request revocation.

At this point, the circumstances of that situation are not clear. But I can
see a scenario in which it is entirely plausible that a CA reseller would
have access to large numbers of TLS private keys and that is when they are
either hosting or managing the Web sites.

The management interfaces that allow Web sites to be wheeled around a data
center have become very sophisticated of late with virtualization and much
of that infrastructure is 'secret sauce'.

What might appear to be five racks of 100 separate machines is likely
visible in the management console as one single entity.