Re: [TLS] Status of X.509v3 TLS Feature Extension?

Phillip Hallam-Baker <hallam@gmail.com> Tue, 29 April 2014 22:17 UTC

In-Reply-To: <2A0EFB9C05D0164E98F19BB0AF3708C7130742B777@USMBX1.msg.corp.akamai.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120C61F669@USMBX1.msg.corp.akamai.com> <20140428180218.C805D1ACE1@ld9781.wdf.sap.corp> <m2r44hw86f.fsf@localhost.localdomain> <CF855F95.39E86%paul@marvell.com> <CAL9PXLzCOyi2eWF39+oj0uEFWoU4muYBNm3hRYuZ-vepPxgN+A@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C7130742B777@USMBX1.msg.corp.akamai.com>
Date: Tue, 29 Apr 2014 18:17:03 -0400
Message-ID: <CAMm+LwjNDWqM1jTQHOwGAoycEHZtU3Ta3-mon2uxHb_AeV+i=g@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/vVCpIPZSNqEMxT8XhxTxbFtY038
Cc: Geoffrey Keating <geoffk@geoffk.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Status of X.509v3 TLS Feature Extension?

On Tue, Apr 29, 2014 at 5:28 PM, Salz, Rich <rsalz@akamai.com> wrote:
>> It might well be that Must Staple is best done for just the leaf and that pushed CRLs are used for intermediate revocations.
>> That's the deployment model that I think is most likely.
>
> +1

If we revoke an intermediate that doesn't have a name constraint in
it, then I can't see how we would not be doing some pretty aggressive
pushing out of the CRL.

Name constraints might change that calculus at some point in the
future, but not for quite a long time.

-- 
Website: http://hallambaker.com/
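As an added illustration (not code from this thread, from the draft, or from any IETF document), here is a stdlib-only Python sketch of the client-side check the deployment model above implies: decode the TLSFeature extension value (TLSFeatures ::= SEQUENCE OF INTEGER under id-pe-tlsfeature, the draft later published as RFC 7633) to see whether a leaf asserts status_request, hard-fail the handshake when it does and no OCSP response was stapled, and check the intermediates against a CRL set the client already holds rather than fetches. The chain records, serials and DER bytes are constructed sample data, and `pushed_crl_serials` stands in for whatever mechanism delivers CRLs to the client.

```python
# Added example: decode a TLSFeatures value (SEQUENCE OF INTEGER, id-pe-tlsfeature
# 1.3.6.1.5.5.7.1.24) and apply the leaf-staple / intermediate-pushed-CRL model.
STATUS_REQUEST = 5       # TLS extension type for OCSP stapling (must-staple)
STATUS_REQUEST_V2 = 17   # TLS extension type for multi-staple

def der_read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at pos; definite-length DER only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_tls_features(der):
    """Decode a TLSFeatures value into the list of TLS extension type numbers."""
    tag, body, end = der_read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("TLSFeatures must be a single SEQUENCE")
    features, pos = [], 0
    while pos < len(body):
        tag, value, pos = der_read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("TLSFeatures entries must be INTEGERs")
        features.append(int.from_bytes(value, "big", signed=True))
    return features

def must_staple(tls_feature_der):
    """True when the certificate asserts status_request, i.e. the leaf must staple."""
    return tls_feature_der is not None and STATUS_REQUEST in parse_tls_features(tls_feature_der)

def evaluate_chain(chain, stapled_ocsp_present, pushed_crl_serials):
    """chain is leaf-first; entries are dicts with 'serial' and 'tls_feature' (DER or None).
    Hard-fail a must-staple leaf with no staple; reject intermediates on the held CRL."""
    reasons = []
    leaf, intermediates = chain[0], chain[1:]
    if must_staple(leaf["tls_feature"]) and not stapled_ocsp_present:
        reasons.append("leaf asserts status_request but no OCSP response was stapled")
    for cert in intermediates:
        if cert["serial"] in pushed_crl_serials:
            reasons.append(f"intermediate serial {cert['serial']:#x} is on the pushed CRL")
    return (not reasons), reasons

# Constructed sample data, not real certificates: a must-staple leaf (TLSFeatures {5}).
LEAF_FEATURES_DER = bytes.fromhex("3003020105")
SAMPLE_CHAIN = [
    {"serial": 0x1001, "tls_feature": LEAF_FEATURES_DER},   # leaf
    {"serial": 0x2002, "tls_feature": None},                # intermediate CA
]
```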