[Trans] Precertificate format
Melinda Shore <melinda.shore@gmail.com> Mon, 08 September 2014 18:50 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/dzLRR90ajWnseZvL8xVZR-Rt8v4
It seems as if we've been talking about precertificate format for quite some time, without coming to resolution. Let's try to find agreement on how to handle it and close issue 26. The ticket, with description, is here:

http://trac.tools.ietf.org/wg/trans/trac/ticket/26

The fundamental problem is that because precertificates are currently encoded as X.509 structures we have the potential for two certificates to exist with the same issuer and same serial number. Because the precertificate is not usable as a TLS certificate in practice, this may not be an issue. However, it's a clear violation of section 4.1.2.2 in 5280 (and to be honest I'm a little fuzzy on its implications for CRL processing).

So, are you all comfortable with letting the X.509 representation stand, or do you have an alternative proposal?

Thanks,

Melinda