Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>, Russ Housley <housley@xxxxxxxxxxxx>
Subject: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
Date: Thu, 10 Jan 2019 19:15:37 +0000
Cc: LAMPS WG <spasm@xxxxxxxx>, "draft-ietf-lamps-hash-of-root-key-cert-extn@xxxxxxxx" <draft-ietf-lamps-hash-of-root-key-cert-extn@xxxxxxxx>, IETF <ietf@xxxxxxxx>
In-reply-to: <8736q0fqy8.fsf@fifthhorseman.net>
References: <154594881588.11855.12133790922363153381.idtracker@ietfa.amsl.com> <1AB99D11-5B25-4A97-9FFD-17E318ADD739@vpnc.org> <87va35o7pe.fsf@fifthhorseman.net> <38891959-38F6-4FA5-B7B1-ACB50921E300@vigilsec.com> <87k1jlnxnu.fsf@fifthhorseman.net> <2AB77CF4-ADD6-4EE6-ABB2-BCDAC4BF6631@vigilsec.com> <87imyxh8fy.fsf@fifthhorseman.net> <175B8CA7-17E8-48EC-BEFA-9E5D4B685B48@akamai.com> <87y37tf71a.fsf@fifthhorseman.net> <B7E3EAEB-90EE-46D7-9481-ED1234A7424A@akamai.com> <8736q0fqy8.fsf@fifthhorseman.net>
User-agent: Microsoft-MacOutlook/10.15.0.190108

    > If both checks succeed, then the potential Root CA certificate is
    > added to the trust anchor store and the current Root CA certificate is
    > removed.

I suggest adding "after an appropriate amount of time (such as no old certificate chains being in use)."

Does that solve the issue?

Follow-Ups:
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Russ Housley

References:
- Re: Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Paul Hoffman
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Russ Housley
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Salz, Rich
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Daniel Kahn Gillmor
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Salz, Rich
- Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
  - From: Daniel Kahn Gillmor

Prev by Date: Rtgdir last call review of draft-ietf-ccamp-alarm-module-06
Next by Date: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
Previous by thread: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
Next by thread: Re: [lamps] Last Call: <draft-ietf-lamps-hash-of-root-key-cert-extn-02.txt> (Hash Of Root Key Certificate Extension) to Informational RFC
Index(es):
- Date
- Thread

[Index of Archives] [IETF Annoucements] [IETF] [IP Storage] [Yosemite News] [Linux SCTP] [Linux Newbies] [Mhonarc] [Fedora Users]