Re: [TLS] draft-rescorla-tls-subcerts-01

"Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com> Mon, 24 April 2017 21:06 UTC

From: "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Ilari Liusvaara <ilariliusvaara@welho.com>
CC: "<tls@ietf.org>" <tls@ietf.org>, "Fossati, Thomas (Nokia - GB/Cambridge, UK)" <thomas.fossati@nokia.com>
Thread-Topic: [TLS] draft-rescorla-tls-subcerts-01
Thread-Index: AQHSunqIZYO5VLtqn0+DOPOxbhXZyKHPpMuAgAUIN4CAAGwOgA==
Date: Mon, 24 Apr 2017 21:06:24 +0000
Message-ID: <7B28FF9C-7018-4552-B715-33442406D386@on.nokia.com>
References: <bea3cb60-fdfc-950f-f628-90eb87ed42ef@gmx.net> <20170421104857.GA20822@LK-Perkele-V2.elisa-laajakaista.fi> <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
In-Reply-To: <c2a45dce-4c58-295f-3e16-335a424bc4c5@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/uWsvBQ7rLOewggvCtRIOHeuymbA>

Hi Hannes,

On 24/04/2017 16:39, "Hannes Tschofenig" <hannes.tschofenig@gmx.net> wrote:
> On 04/21/2017 12:48 PM, Ilari Liusvaara wrote:
> > Regarding clients, I think the draft specifies LURK as backup plan
> > for clients that don't support subcerts (which causes some extra
> > latency if triggered).
> I didn't get that impression.

Ilari is correct I think -- the fallback to LURK is what the draft in its
current version seems to imply.

> Isn't this something ACME was trying to solve as well?

We have proposed an extension to ACME that handles the full lifecycle of the
delegation, including the automatic renewal of the trail of short term
certificates.  It works in a pretty straightforward way and doesn't require any
modification in the endpoints' stack.

Cheers, t
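The message above refers to a "trail" of short-term certificates that must be renewed automatically so that the delegating server is never left without a valid credential. The following Python simulation is an added illustration of that idea; it is not code from the draft, from the proposed ACME extension, or from the author of the message. The 7-day lifetime cap, the 2-day renewal lead, the timestamps and the `Credential`/`issue`/`build_trail`/`check_trail` names are all constructed assumptions. It shows two things a practitioner would want to see: the lifetime of each credential is bounded both by the cap and by the parent certificate, and a continuity check catches a trail with a coverage gap.

```python
"""Renewal trail of short-lived delegated credentials: an added simulation.

Illustrative code only, not the draft's mechanism nor any ACME extension.
The 7-day lifetime cap, the 2-day renewal lead and all timestamps are
constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=7)   # assumed cap on one delegated credential
RENEW_LEAD = timedelta(days=2)     # assumed: issue the successor this long before expiry
START = datetime(2017, 4, 24, tzinfo=timezone.utc)   # constructed reference time


def day(n: int) -> datetime:
    """Constructed timestamp n days after START (used for the demo and tests)."""
    return START + timedelta(days=n)


@dataclass(frozen=True)
class Credential:
    """One short-lived credential; valid over the half-open window [not_before, not_after)."""
    serial: int
    not_before: datetime
    not_after: datetime

    def valid_at(self, t: datetime) -> bool:
        return self.not_before <= t < self.not_after


def issue(serial: int, now: datetime, parent_not_after: datetime,
          lifetime: timedelta = MAX_LIFETIME) -> Credential:
    """Issue a credential whose validity never exceeds the cap or the parent certificate.

    The cap is the security property: a stolen credential is usable for at most
    MAX_LIFETIME, while the parent's private key never leaves the origin.
    """
    if lifetime > MAX_LIFETIME:
        raise ValueError("requested lifetime exceeds the cap")
    not_after = min(now + lifetime, parent_not_after)
    if not_after <= now:
        raise ValueError("parent certificate has expired; nothing can be delegated")
    return Credential(serial, now, not_after)


def build_trail(start: datetime, parent_not_after: datetime,
                horizon: datetime) -> list:
    """Automatic renewal loop: the successor is issued RENEW_LEAD before the current one expires."""
    trail = []
    now, serial = start, 1
    while now < horizon:
        cred = issue(serial, now, parent_not_after)
        trail.append(cred)
        if cred.not_after >= parent_not_after:
            break  # the parent ends here; no further delegation is possible
        now = cred.not_after - RENEW_LEAD
        serial += 1
    return trail


def covered(trail: list, t: datetime) -> bool:
    """True if at least one credential in the trail is valid at time t."""
    return any(c.valid_at(t) for c in trail)


def check_trail(trail: list, parent_not_after: datetime) -> list:
    """Defender-side audit: per-credential bounds plus continuity of the trail."""
    problems = []
    for c in trail:
        if c.not_after - c.not_before > MAX_LIFETIME:
            problems.append(f"credential {c.serial} exceeds the lifetime cap")
        if c.not_after > parent_not_after:
            problems.append(f"credential {c.serial} outlives the parent certificate")
    for prev, nxt in zip(trail, trail[1:]):
        if nxt.not_before > prev.not_after:
            problems.append(f"coverage gap between credentials {prev.serial} and {nxt.serial}")
    return problems


if __name__ == "__main__":
    parent_end = day(30)
    trail = build_trail(day(0), parent_end, day(20))
    for c in trail:
        print(c.serial, c.not_before.date(), "->", c.not_after.date())
    print("problems:", check_trail(trail, parent_end))
```

With the constructed parameters the loop issues four overlapping credentials (days 0-7, 5-12, 10-17, 15-22); when the parent certificate ends earlier than the cap allows, the last credential is clipped to the parent's expiry and the loop stops, which is the case a renewal job has to handle rather than silently issuing nothing.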