Re: [lamps] Draft LAMPS Recharter

Ryan Sleevi <ryan-ietf@sleevi.com> Wed, 02 May 2018 21:06 UTC

In-Reply-To: <94C70910-6BA3-4364-BE43-3316AE1E51C6@vigilsec.com>
References: <1D329233-AFCE-421B-81FE-EDDC30386260@vigilsec.com> <94C70910-6BA3-4364-BE43-3316AE1E51C6@vigilsec.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Wed, 02 May 2018 17:06:18 -0400
Message-ID: <CAErg=HF40T1CLuu=5GebtsvFMphtSRyK+O5TpTn0pTz1v9jMgQ@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/dGRFjQqz9fCzCUzdibOadMIF_BY>

On Wed, May 2, 2018 at 10:41 AM, Russ Housley <housley@vigilsec.com> wrote:

> Based on the discussion in London and the "Potential Topics for LAMPS
> Recharter" mail thread, we propose the attached charter text.  Please
> review and comment.
>
> Russ & Tim
>
> = = = = = = = = =
>
> 3. Specify the use of short-lived X.509 certificates for which no
> revocation information is made available by the Certification Authority.
> Short-lived certificates have a lifespan that is shorter than the time
> needed to detect, report, and distribute revocation information; as a
> result, revoking them is pointless.
>

I didn't see much discussion on the list in support of this, but
apologies, I missed the discussion in SECDISPATCH when this draft was
discussed.

Is this being envisioned for use in the PKI typically called the "Web
PKI", or is this being seen as a draft for private use cases? I have read
the draft, and do not feel this was clearly and unambiguously answered.

I ask because, for various policy reasons, I would expect that undertaking
this work may result in policies that explicitly prohibit it from being
deployed on the Web PKI.

As a practical matter, the draft acknowledges an alternative design
(namely, OCSP stapling), but its two objections to this work do not hold.
As a consequence, I have concerns about the motivations for and the
alternatives considered, and thus don't think LAMPS needs to consider such
work in scope at this time.
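As an added illustration, not part of this thread or of the draft under discussion: a small pyca/cryptography script that checks, for a given certificate, the two properties charter item 3 describes, namely a validity period shorter than the time needed to detect, report and distribute revocation information, and the absence of any CRL or OCSP pointer in the certificate. The 7-day propagation window, the example hostnames and the self-signed sample certificates are assumptions made for this example only.

```python
"""Added example (not from the LAMPS thread or the draft it discusses).

Classifies X.509 certificates by validity period and by whether they
advertise any revocation mechanism (CRL distribution point or OCSP
responder in AIA), using pyca/cryptography.
"""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import (
    AuthorityInformationAccessOID,
    ExtensionOID,
    NameOID,
)

# Assumed budget for "detect + report + distribute" revocation information.
# Seven days is an illustrative value, not a figure from the thread.
REVOCATION_WINDOW = datetime.timedelta(days=7)


def lifetime_of(cert):
    """Validity period of the certificate (works on old and new cryptography)."""
    not_before = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    not_after = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return not_after - not_before


def revocation_pointers(cert):
    """Which revocation mechanisms the certificate itself advertises."""
    found = {"crl": False, "ocsp": False}
    try:
        cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS)
        found["crl"] = True
    except x509.ExtensionNotFound:
        pass
    try:
        aia = cert.extensions.get_extension_for_oid(
            ExtensionOID.AUTHORITY_INFORMATION_ACCESS
        ).value
        found["ocsp"] = any(
            d.access_method == AuthorityInformationAccessOID.OCSP for d in aia
        )
    except x509.ExtensionNotFound:
        pass
    return found


def classify(cert, window=REVOCATION_WINDOW):
    """Relate the certificate's lifetime to the assumed revocation window."""
    short = lifetime_of(cert) <= window
    ptrs = revocation_pointers(cert)
    has_revocation_info = ptrs["crl"] or ptrs["ocsp"]
    if short and not has_revocation_info:
        # The case charter item 3 describes: expires before revocation
        # information could reach relying parties, and advertises none.
        return "short-lived, no revocation info"
    if short:
        return "short-lived, but advertises revocation info"
    if not has_revocation_info:
        return "long-lived with no revocation info (not checkable)"
    return "long-lived, revocation info present"


def build_cert(lifetime_days, with_ocsp=False, with_crl=False):
    """Constructed self-signed sample certificate (assumed names, not real CAs)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=lifetime_days))
    )
    if with_ocsp:
        builder = builder.add_extension(
            x509.AuthorityInformationAccess([
                x509.AccessDescription(
                    AuthorityInformationAccessOID.OCSP,
                    x509.UniformResourceIdentifier("http://ocsp.example.test"),
                )
            ]),
            critical=False,
        )
    if with_crl:
        builder = builder.add_extension(
            x509.CRLDistributionPoints([
                x509.DistributionPoint(
                    full_name=[x509.UniformResourceIdentifier("http://crl.example.test/ca.crl")],
                    relative_name=None,
                    reasons=None,
                    crl_issuer=None,
                )
            ]),
            critical=False,
        )
    return builder.sign(key, hashes.SHA256())


def demo():
    """Classify two constructed certificates: a 3-day one with no revocation
    pointers and a 90-day one with an OCSP responder in AIA."""
    short_no_rev = build_cert(3)
    long_ocsp = build_cert(90, with_ocsp=True)
    return classify(short_no_rev), classify(long_ocsp)


if __name__ == "__main__":
    for label, result in zip(("3-day, no pointers", "90-day, OCSP AIA"), demo()):
        print(f"{label}: {result}")
```

The classifier only reads what the certificate itself declares; it does not say whether a CA is permitted to omit revocation pointers, which is the policy question raised in the reply above, nor does it replace checking a stapled OCSP response when one is offered.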