Re: [stir] Kathleen Moriarty's No Objection on draft-ietf-stir-certificates-11: (with COMMENT)

Paul Kyzivat <> Thu, 03 November 2016 16:23 UTC

On 11/2/16 9:01 PM, Sean Turner wrote:

>> I don't see any references to RFCs that update RFC5280, like RFC6818.  It
>> would be good to include these when 5280 is used for revocation methods
>> mentioned.  6818 is for CRLs.
> There’s only one RFC that updates 5280 - 6818 ;)  I guess this gets down to your philosophy on the updates header.  YMMV, but if an RFC updates a previous one then referring to the updated RFC really ought to pull in all the updates because it’s expected that all implementations of the original RFC also implemented the updates.  Adding the additional references would be the cautious thing to do but I’m thinking it shouldn’t be required that we do that.  Also note we 2119-recommend OCSP :)

This *really* further opens up that can of worms!

IIUC you are taking the position that once an update to RFCnnnn is 
published then *every* implementation of RFCnnnn must/will immediately 
implement and deploy the update. That seems unrealistic.

The situation is slightly different when we are talking about a 
reference in a new document that will of necessity get a new 
implementation. Even so, it seems unwise to make such an assumption. It 
is cheap to add the reference to the updating document.