Re: [TLS] Call for acceptance on multi-stapling
Yoav Nir <ynir@checkpoint.com> Tue, 24 April 2012 18:14 UTC
From: Yoav Nir <ynir@checkpoint.com>
To: Nico Williams <nico@cryptonector.com>
Date: Tue, 24 Apr 2012 21:14:42 +0300
Cc: "tls@ietf.org" <tls@ietf.org>

Hi Nico

On Apr 24, 2012, at 5:39 PM, Nico Williams wrote:

> On Tue, Apr 24, 2012 at 9:31 AM, Jean-Marc Desperrier <jmdesp@free.fr> wrote:
>> Eric Rescorla wrote:
>>
>>> It's also not entirely clear that short-lived certs
>>> don't cause clients to choke. They shouldn't, but don't and shouldn't
>>> aren't always the same.
>>
>>
>> They make time synchronization problems a lot more acute.
>> This can be interpreted as "causing them to choke", I'd expect the scale of
>> the problem to be larger than the one with false start.
>
> They don't have to be short-lived, just fresh.

I don't understand the distinction. If a relying party (in our case, the browser) requires that certificates are at most 24 hours old (presumably calculated by subtracting the current time from the notBefore field), what difference does it make if the notAfter field is 5 years in the future?

Yoav