Re: [lamps] draft-housley-lamps-norevavail-00

"Salz, Rich" <rsalz@akamai.com> Fri, 19 May 2023 15:43 UTC

To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
CC: Joe Mandel <Joe.Mandel@secureg.io>, Tomofumi Okubo <tomofumi.okubo@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/s93qQqFEjT6kk9YD9ku0iy2rGv0>

So yeah, exactly what Tim said: in what case is it helpful to explicitly state “No revocation info available” vs just leaving those extns out?

(Separate thread, separate issue)

In my security experience, it is always better to explicitly state something – the alarm did not sound – rather than have something implied by its absence – did the alarm sound? Do I know the CA is modern, did it make a mistake (been known to happen), etc.