On Tue, Aug 09, 2022 at 04:12:37PM -0700, Eric Rescorla wrote:
> On Tue, Aug 9, 2022 at 4:08 PM Benjamin Kaduk <bka...@akamai.com> wrote:
>
> > On Tue, Aug 09, 2022 at 03:59:01PM -0700, Eric Rescorla wrote:
> > >
> > > Be that as it may, the browsers generally require conformance to the BRs
> > > (see, for instance
> > > https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ S 2.3,
> > > https://www.chromium.org/Home/chromium-security/root-ca-policy/ S 1)
> > > so what the BRs say is relevant in this discussion.
> >
> > While it seems almost inevitable that the Web PKI will be used for some
> > deployments of NTS, it also seems that NTS as a protocol is quite
> > untethered to browser behavior or the Web PKI. So while I agree that the
> > CABF BRs are relevant, they probably ought not be treated as the sole
> > authority.
>
> Fair enough. I would make several points:
>
> 1. Peter's message was not qualified to NTS. He wrote
> "For commercial CAs, the expiry time is a billing mechanism, not a security
> mechanism."
>
> So I was attempting to respond to the bigger picture.
Ok.

> 2. It seems quite likely that many of the NTS certificates will be from
> WebPKI CAs, just because that's what's easy to get, and so you can't count
> on them providing revocation after expiry.

Agreed, that's my "almost inevitable".

> 3. Are you aware of some other set of rules for certificate issuance that
> require revocation after the certificate has expired?

No. And to be honest I would be somewhat surprised to learn of one, since one
of the big gains of having an expiration at all (vs just tracking revocation
information) is to simplify the database of revocation information by allowing
for pruning after expiry. Perhaps some sort of "official records" system might
need it, but that's pure speculation. Private parties not part of a broader
PKI can of course use whatever policies and procedures they want.

-Ben