[stir] Re: draft-ietf-stir-certificates-ocsp-11 ietf last call Secdir review
"Peterson, Jon" <Jon.Peterson@transunion.com> Tue, 04 November 2025 19:43 UTC
From: "Peterson, Jon" <Jon.Peterson@transunion.com>
To: Phillip Hallam-Baker <hallam@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
Date: Tue, 04 Nov 2025 19:43:09 +0000
Message-ID: <CO6PR17MB4978C2D2B1E4D1CFA640157DFDC4A@CO6PR17MB4978.namprd17.prod.outlook.com>
References: <175424010056.872249.2305887615557531087@dt-datatracker-5bd446d5fd-c47nq>
In-Reply-To: <175424010056.872249.2305887615557531087@dt-datatracker-5bd446d5fd-c47nq>
CC: "draft-ietf-stir-certificates-ocsp.all@ietf.org" <draft-ietf-stir-certificates-ocsp.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "stir@ietf.org" <stir@ietf.org>
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/rX0jVs3ZWcZ_-R_E1EhIYM9fWJE>

Thanks for the read, PHB. I’ve added some text to the -12 that fleshes out the Sec Cons along the lines you recommended.

Jon Peterson
TransUnion

From: Phillip Hallam-Baker via Datatracker <noreply@ietf.org>
Date: Sunday, August 3, 2025 at 12:55 PM
To: secdir@ietf.org <secdir@ietf.org>
Cc: draft-ietf-stir-certificates-ocsp.all@ietf.org <draft-ietf-stir-certificates-ocsp.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>, stir@ietf.org <stir@ietf.org>
Subject: draft-ietf-stir-certificates-ocsp-11 ietf last call Secdir review

Document: draft-ietf-stir-certificates-ocsp
Title: OCSP Usage for Secure Telephone Identity Certificates
Reviewer: Phillip Hallam-Baker
Review result: Has Issues

The Security Considerations section needs to be more than just 'this document is all about security'. The privacy considerations section needs to be cited as the information relating to certificate (and hence subscriber activity) leaking is also a security consideration. Operators of the OCSP services need to take appropriate measures.

Another dimension that needs to be considered is service. The loss of the OCSP service potentially results in a subscriber being unable to place or receive a call. The OCSP service may be a target for a DoS attack. While stapling mitigates this, it does not eliminate it.