Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Mon, 08 March 2021 00:10 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Nico Williams <nico@cryptonector.com>
CC: TLS List <tls@ietf.org>
Date: Mon, 08 Mar 2021 00:08:33 +0000
Message-ID: <017B5AC7-47A1-4960-AED7-7627E4E25051@ll.mit.edu>
References: <CACsn0cmmKdR0-82DjrYZD5_CaF2bqwHnj07dM+Bnd-2aupU5QQ@mail.gmail.com> <CABcZeBP8wdmbO8DQPZ8e5CDZ76ioe3vzaJ+7YtQ74XZzcuxHmg@mail.gmail.com> <20210306061124.GY30153@localhost> <1615013752661.15146@cs.auckland.ac.nz> <20210306211036.GZ30153@localhost> <1615111060736.9067@cs.auckland.ac.nz> <20210307223534.GB30153@localhost> <12CE99EA-C55C-4327-A4DF-80734E6F1459@ll.mit.edu> <20210307234133.GD30153@localhost> <63BDDF29-1E45-4D08-B549-E2C4982939E7@ll.mit.edu> <20210307235926.GE30153@localhost>
In-Reply-To: <20210307235926.GE30153@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ou1HvdJqi7Pi22cUAeG-bstBcws>
Subject: Re: [TLS] Question to TLS 1.3 and certificate revocation checks in long lasting connections
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>

>    > You may claim that my environment does not represent yours. Sure,
>    > fine. Similarly, *yours does NOT represent mine*.
>
>    I'm not telling you what to do.

By making a statement "this solution works" without any qualifiers, you essentially are.
The truth is - it works well for *some* environments, including yours. I've some where it would work too.
Unfortunately, I *also* have plenty where it cannot work.

>    . . . . .  It's reasonable to suspect that even someone I
>    know and I know is smart may not have all the relevant details.

My point is - we *both* may not have all the relevant details about each other's environments. Which is why I absolutely disagreed with your "this solution works" statement. 

>    Besides, your
>
>    >>> With all due respect, *absolutely not*.
>
>    followed by no explanation, seems like much more likely to be intended
>    to cause offense than "I'm not sure what it is you're imagining"
>    followed by an explanation.  I took it at face value however, and
>    followed up.  What a crime.

;-) OK, touché.