Re: [TLS] Consensus call for certificate URL extension

To: <jsalowey at cisco.com>, <tls at ietf.org>
Subject: Re: [TLS] Consensus call for certificate URL extension
From: <Pasi.Eronen at nokia.com>
Date: Wed, 24 Sep 2008 11:41:46 +0300
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE5069401B0 at xmb-sjc-225.amer.cisco.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <AC1CFD94F59A264488DC2BEC3E890DE5069401B0 at xmb-sjc-225.amer.cisco.com>
Sender: tls-bounces at ietf.org
Thread-index: AckdOECbfdU7CxSbTMO5eNhYIbQb0QA6Jt2Q
Thread-topic: [TLS] Consensus call for certificate URL extension

<not wearing any hats>

I'd be fine with (B), or with just deprecating the whole
extension (without creating a new extension to replace it).

Given the amount of use this extension has received so far 
(i.e. none), I don't think creating a new extension, or
otherwise adding more functionality (such as Alfred's
proposal for hash agility in #46) would be useful. 

Best regards,
Pasi 

> -----Original Message-----
> From: tls-bounces at ietf.org [mailto:tls-bounces at ietf.org] On 
> Behalf Of ext Joseph Salowey (jsalowey)
> Sent: 23 September, 2008 07:53
> To: tls at ietf.org
> Subject: [TLS] Consensus call for certificate URL extension
> 
> We need to close this open issue.  I think there are two basic options
> that address the security issues that have been raised:
> 
> A) Deprecate the current extension and create a similar new extension
> with the hash mandatory.
> 
> B) Make the hash mandatory in the current extension.  This should not
> cause deployment problems because there are no known deployments that
> make the hash optional.
> 
> In either case, we can include hash agility as described in
> http://trac.tools.ietf.org/wg/tls/trac/ticket/46. If there is 
> support in
> the working group for the use case where the certificate is updated
> offline then we can possibly work on a new extension in a new document
> that incorporates ideas expressed on the list.
> 
> Please express you preference on the list for one of these options by
> 10/6/2008.
> 
> Thanks,
> 
> Joe
> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls
> 
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

References:
- [TLS] Consensus call for certificate URL extension
  - From: Joseph Salowey (jsalowey)

Prev by Date: [TLS] New version of draft-ietf-tls-psk-new-mac-aes-gcm
Next by Date: Re: [TLS] Consensus call for certificate URL extension
Previous by thread: Re: [TLS] Consensus call for certificate URL extension
Next by thread: Re: [TLS] Consensus call for certificate URL extension
Index(es):
- Date
- Thread

Re: [TLS] Consensus call for certificate URL extension

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.