Re: [lamps] draft-housley-lamps-norevavail-00

Tomofumi Okubo <tomofumi.okubo@gmail.com> Thu, 18 May 2023 21:33 UTC

To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS <spasm@ietf.org>, Joe Mandel <Joe.Mandel@secureg.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/zod628Kb5FGKm2iJXG_nJ3jmGl4>

Yes, that makes sense.
Tomofumi

On Fri, May 19, 2023, 6:23 AM Russ Housley <housley@vigilsec.com> wrote:

> I want the LAMPS WG to be aware of this I-D.  However, I do not think we
> should adopt it until the event predicted in the History section actually
> comes to pass:
>
>    With greater use of short-lived certificates in the Internet, the
>    next revision of ITU-T Recommendation X.509 [X.509-TBD] is expected
>    to allow the noRevAvail certificate extension to be used with public
>    key certificates as well as attribute certificates.
>
> Russ
>
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-housley-lamps-norevavail-00.txt
> Date: May 18, 2023 at 4:51:35 PM EDT
> To: "Joseph Mandel" <joe.mandel@secureg.io>, "Russ Housley" <housley@vigilsec.com>, "Tomofumi Okubo" <tomofumi.okubo+ietf@gmail.com>
>
>
> A new version of I-D, draft-housley-lamps-norevavail-00.txt
> has been successfully submitted by Russ Housley and posted to the
> IETF repository.
>
> Name: draft-housley-lamps-norevavail
> Revision: 00
> Title: No Revocation Available for Short-lived X.509 Certificates
> Document date: 2023-05-18
> Group: Individual Submission
> Pages: 8
> URL: https://www.ietf.org/archive/id/draft-housley-lamps-norevavail-00.txt
> Status: https://datatracker.ietf.org/doc/draft-housley-lamps-norevavail/
> Html: https://www.ietf.org/archive/id/draft-housley-lamps-norevavail-00.html
> Htmlized: https://datatracker.ietf.org/doc/html/draft-housley-lamps-norevavail
>
>
> Abstract:
>   Short-lived X.509v3 public key certificates as profiled in RFC 5280
>   are seeing greater use in the Internet.  The Certification Authority
>   (CA) that issues these short-lived certificates does not publish
>   revocation information because the certificate lifespan is
>   shorter than the time needed to detect, report, and distribute
>   revocation information.  This specification defines the noRevAvail
>   certificate extension so that a relying party can readily determine
>   that the CA does not publish revocation information for the
>   certificate.
>
>
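
The relying-party check the abstract describes, as an added example that is not part of this message or of the draft: it looks for noRevAvail in a parsed certificate and separates "absent" from "present but malformed". It assumes the extension keeps the OID (2.5.29.56) and NULL value already defined for attribute certificates and is marked non-critical; the 24-hour lifetime, subject name and function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// id-ce-noRevAvail is OID 2.5.29.56; its extension value is a DER-encoded NULL.
var oidNoRevAvail = asn1.ObjectIdentifier{2, 5, 29, 56}
var derNull = []byte{0x05, 0x00}

// NoRevAvail reports whether the extension is present and whether its value is
// the expected NULL. Treat present-but-invalid as a malformed certificate.
func NoRevAvail(c *x509.Certificate) (present, valid bool) {
	for _, e := range c.Extensions {
		if e.Id.Equal(oidNoRevAvail) {
			return true, bytes.Equal(e.Value, derNull)
		}
	}
	return false, false
}

// IssueSample builds a constructed, self-signed 24-hour certificate carrying exts
// (non-critical by default, an assumption of this example) and parses it back.
func IssueSample(exts []pkix.Extension) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "short-lived.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), ExtraExtensions: exts}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, err := IssueSample([]pkix.Extension{{Id: oidNoRevAvail, Value: derNull}})
	if err == nil {
		fmt.Println(NoRevAvail(c))
	}
}
```

A validator would skip CRL and OCSP lookups only when both results are true, and reject the certificate when the extension is present with any other value.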