Re: [Uta] (extra) WGLC for draft-ietf-uta-tls-bcp-07.txt

Rick Andrews <Rick_Andrews@symantec.com> Tue, 09 December 2014 21:40 UTC

From: Rick Andrews <Rick_Andrews@symantec.com>
To: Richard Moore <richmoore44@gmail.com>, "uta@ietf.org" <uta@ietf.org>
Date: Tue, 09 Dec 2014 13:40:02 -0800
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/1mpOe29jpIkzNu0bKR3P8JDpp7E

Rich, if the device itself does cert validation, yes, I would agree with you. But there may be other options where head ends or some other kind of proxy (more capable than the devices themselves) perform validation on behalf of downstream devices. In such cases, CRLs might be more efficient than issuing many unique OCSP requests.

From: Richard Moore [mailto:richmoore44@gmail.com]
Sent: Monday, December 08, 2014 1:21 PM
To: uta@ietf.org
Subject: Re: [Uta] (extra) WGLC for draft-ietf-uta-tls-bcp-07.txt

On 8 December 2014 at 20:33, Rick Andrews <Rick_Andrews@symantec.com> wrote:
Still, I wouldn't remove the discussion of CRLs. It's possible that they will prove better than alternatives in some IoT applications.

Really? I'm not sure how small devices will even be able to hold the CRLs given the size, let alone process them. I'd have thought something along the lines of the must-staple certificate extension would be a lot more practical there.

Rich.
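The head-end arrangement Rick describes, as an added example that is not part of the thread: a proxy that validates on behalf of downstream devices downloads each issuer's CRL once, verifies the CRL signature and freshness, and then answers per-device revocation checks locally, so N device certificates cost one fetch rather than N OCSP requests. It uses pyca/cryptography; the CA, the CRL contents, the serial numbers and the `fetch_crl` callback are all constructed here for illustration.

```python
# Added example (not from the thread): head-end proxy doing CRL-based
# revocation checks for downstream devices. Requires pyca/cryptography.
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

NOW = datetime.datetime(2014, 12, 9, 21, 40)  # constructed "current time" (UTC)

def make_ca():
    """Constructed self-signed CA standing in for the devices' issuer."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example IoT CA")])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert

def make_crl(ca_key, ca_cert, revoked_serials):
    """CRL signed by the CA listing the given (constructed) serial numbers."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + datetime.timedelta(days=7)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())

class HeadEndChecker:
    """Caches one CRL per issuer; fetch_crl(issuer_cert) is the (hypothetical) download."""
    def __init__(self, fetch_crl):
        self.fetch_crl, self.cache, self.fetches = fetch_crl, {}, 0

    def is_revoked(self, ca_cert, serial):
        crl = self.cache.get(ca_cert.subject)
        if crl is None or crl.next_update <= NOW:      # missing or stale: refetch
            crl = self.fetch_crl(ca_cert)
            self.fetches += 1
            if not crl.is_signature_valid(ca_cert.public_key()):  # never trust an unsigned list
                raise ValueError("CRL signature does not verify against issuer")
            self.cache[ca_cert.subject] = crl
        return crl.get_revoked_certificate_by_serial_number(serial) is not None

def demo(device_serials=(1001, 1002, 1003, 1004), revoked=(1002,)):
    """Check several device certs; returns per-serial status and fetch count."""
    ca_key, ca_cert = make_ca()
    crl = make_crl(ca_key, ca_cert, set(revoked))
    checker = HeadEndChecker(fetch_crl=lambda issuer: crl)
    return {s: checker.is_revoked(ca_cert, s) for s in device_serials}, checker.fetches
```

Four device checks result in a single CRL fetch; a per-device OCSP design would issue four requests for the same information.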