Re: [TLS] Status of X.509v3 TLS Feature Extension?
Phillip Hallam-Baker <hallam@gmail.com> Tue, 29 April 2014 22:17 UTC
To: "Salz, Rich" <rsalz@akamai.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/vVCpIPZSNqEMxT8XhxTxbFtY038
Cc: Geoffrey Keating <geoffk@geoffk.org>, "tls@ietf.org" <tls@ietf.org>

On Tue, Apr 29, 2014 at 5:28 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> It might well be that Must Staple is best done for just the leaf and that pushed CRLs are used for intermediate revocations.
>> That's the deployment model that I think is mostly likely.
>
> +1

If we revoke an intermediate that doesn't have a name constraint in then I can't see how we would not be doing some pretty aggressive pushing out of the CRL. Name constraints might change that calculus at some point in the future, but not for quite a long time.

--
Website: http://hallambaker.com/