[OAUTH-WG] Re: Status List Feature Request

Wed, 26 Feb 2025 08:48:20 -0800 

(chair hat off)

Hi Filip, Hi all,
this sounds like feature creep to me. I brought this work on status lists to the attention of the IETF LAMPS group, and there was zero interest from the PKI community in this type of solution. The PKIX community already has a wide range of established solutions for revocation and status checking.
Steffen could propose such an extension within LAMPS, if he cares about it. LAMPS is the place to define extensions to X.509 certificates. 

Ciao
Hannes


Am 26.02.2025 um 17:18 schrieb Filip Skokan:
I believe it is inappropriate and wildly out of scope for an oauth document to define X.509 extensions, which IIUC is needed in order to define the Status Claim for X.509? The important thing to make sure is that the document does not preclude a future X.509 extension being drafted (wherever its appropriate place may be) that makes use of the status list, and that already appears to be the case. 

S pozdravem,
*Filip Skokan*
On Fri, 7 Feb 2025 at 14:57, Christian Bormann <chris.bormann=40gmx...@dmarc.ietf.org> wrote: 

    Hi all,

    While going through the feedback and issues on github, there was
    one bigger discussion point that we would like to bring to the
    mailing list. Steffen Schwalm asked for support for X.509
    Certificate revocation with the Status List - in that case the
    Status List describing the status of an X.509 Certificate
    (relevant issue
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243).
    That would mean defining an extension to X.509 to embed the
    relevant information for a Status List (URI and index) and
    creating validation rules etc.

    While we understand the general motivation as is discussed in more
    detail in the issue, it would be somewhat of a change of scope for
    the Status List draft. We felt it might be out of scope of the
    OAuth Working Group and rather in scope of other working groups
    like lamps? Any comments/opinions would be appreciated!

    Best Regards,

    Christian Bormann

    _______________________________________________
    OAuth mailing list -- oauth@ietf.org
    To unsubscribe send an email to oauth-le...@ietf.org


_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org


_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to