[cabf_validation] Random value vs Freshness value

Tim Hollebeek tim.hollebeek at digicert.com
Thu Dec 7 08:12:38 MST 2017


I looked into it and you’re right.  I’ve updated the branch.

 

From: Jacob Hoffman-Andrews [mailto:jsha at letsencrypt.org] 
Sent: Wednesday, December 6, 2017 4:23 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/Browser Forum Validation WG List <validation at cabforum.org>
Subject: Re: [cabf_validation] Random value vs Freshness value

 

I think Required Website Content should be "a Freshness Value or a Request Token," rather than "a Secret Value or a Request Token" as you have it here, right?

 

On Wed, Dec 6, 2017 at 1:59 PM, Tim Hollebeek via Validation <validation at cabforum.org <mailto:validation at cabforum.org> > wrote:

 

https://github.com/cabforum/documents/compare/master...timfromdigicert:timfromdigicert-splitrandomvalue

 

This is the smallest change that can be made.  I think it makes things a lot clearer, as the motivation for various requirements makes more sense (e.g. Secret Values must only be sent to the intended recipients, and Freshness Values must actually be fresh [1]).

 

Duplicate language about Secret Values and Freshness Values could actually be moved to a common location above the methods, instead appearing in each method.  Now that we are using two different terms for two different things, the requirements are actually uniform across the methods, with the exception of the bug noted above.

 

-Tim

 

[1] There’s actually a bug in method 10, where the Freshness Value has no freshness requirement.  Should we fix that?

 


_______________________________________________
Validation mailing list
Validation at cabforum.org <mailto:Validation at cabforum.org> 
https://cabforum.org/mailman/listinfo/validation

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20171207/5dceef12/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20171207/5dceef12/attachment.p7s>


More information about the Validation mailing list