X.509 already has its own revocation infrastructure (in fact, more than one
kind!). We needn’t complicate this spec to add another one for X.509.
-- Mike
From: Brian Campbell <[email protected]>
Sent: Wednesday, February 26, 2025 4:46 PM
To: Filip Skokan <[email protected]>
Cc: Christian Bormann <[email protected]>; oauth
<[email protected]>
Subject: [OAUTH-WG] Re: Status List Feature Request
I concur with Filip's perspective.
On Wed, Feb 26, 2025, 4:21 PM Filip Skokan
<[email protected]<mailto:[email protected]>> wrote:
I believe it is inappropriate and wildly out of scope for an oauth document to
define X.509 extensions, which IIUC is needed in order to define the Status
Claim for X.509? The important thing to make sure is that the document does not
preclude a future X.509 extension being drafted (wherever its appropriate place
may be) that makes use of the status list, and that already appears to be the
case.
S pozdravem,
Filip Skokan
On Fri, 7 Feb 2025 at 14:57, Christian Bormann
<[email protected]<mailto:[email protected]>> wrote:
Hi all,
While going through the feedback and issues on github, there was one bigger
discussion point that we would like to bring to the mailing list. Steffen
Schwalm asked for support for X.509 Certificate revocation with the Status List
- in that case the Status List describing the status of an X.509 Certificate
(relevant issue
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243). That
would mean defining an extension to X.509 to embed the relevant information for
a Status List (URI and index) and creating validation rules etc.
While we understand the general motivation as is discussed in more detail in
the issue, it would be somewhat of a change of scope for the Status List draft.
We felt it might be out of scope of the OAuth Working Group and rather in scope
of other working groups like lamps? Any comments/opinions would be appreciated!
Best Regards,
Christian Bormann
_______________________________________________
OAuth mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to
[email protected]<mailto:[email protected]>
_______________________________________________
OAuth mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to
[email protected]<mailto:[email protected]>
CONFIDENTIALITY NOTICE: This email may contain confidential and privileged
material for the sole use of the intended recipient(s). Any review, use,
distribution or disclosure by others is strictly prohibited. If you have
received this communication in error, please notify the sender immediately by
e-mail and delete the message and any file attachments from your computer.
Thank you.
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
