Re: [certid] open issue: wildcards in component fragments

ArkanoiD <ark@eltex.net> Thu, 07 October 2010 12:56 UTC

Date: Thu, 7 Oct 2010 16:57:54 +0400
From: ArkanoiD <ark@eltex.net>
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: IETF cert-based identity <certid@ietf.org>
Subject: Re: [certid] open issue: wildcards in component fragments

Are there any such certificates "in the wild"? Do current clients support it?
If there aren't any and it is not supported anyway, let's keep the status quo and not make things more complicated than needed. For www1, www2, etc., one may use an extra name component and that's all.

On Wed, Oct 06, 2010 at 03:48:44PM -0600, Peter Saint-Andre wrote:
> 
> (e.g., baz*.example.net is not allowed and MUST NOT be taken to match
>    baz1.example.net and baz2.example.net)
> 
> This is in clear contradiction to the wildcard matching specified
> in rfc-2818 Section 3.1.  And without any rationale for this U-Turn,
> that seems to be entirely inappropriate for a BCP.
>
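
The two matching policies at issue in this thread, side by side, as an added example that is not part of the original messages or of any draft text. Function names and sample names are assumptions; `find_fragment_wildcards` is a hypothetical audit helper for checking whether certificate names of the `baz*` kind are present in an inventory.

```python
import re

def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.lower().rstrip(".").split(".")

def _fragment_label_match(pat, label):
    # '*' may stand for a whole label or a fragment of one. Matching is
    # done label by label, so a wildcard never spans a dot.
    regex = ".*".join(re.escape(part) for part in pat.split("*"))
    return re.fullmatch(regex, label) is not None

def match_rfc2818(pattern, host):
    """Fragment wildcards allowed, in the style of RFC 2818 Section 3.1."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or not all(h):
        return False
    return all(_fragment_label_match(pl, hl) for pl, hl in zip(p, h))

def match_whole_label_only(pattern, host):
    """Rule quoted in the thread: baz*.example.net is not allowed.

    Only the fragment restriction is modelled here; any other limits on
    wildcards (for example their position) are outside this example.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or not all(h):
        return False
    for pl, hl in zip(p, h):
        if pl == "*":
            continue                  # whole-label wildcard
        if "*" in pl or pl != hl:     # fragment wildcard or mismatch
            return False
    return True

def find_fragment_wildcards(names):
    """Return names whose wildcard is only part of a label (hypothetical helper)."""
    return [n for n in names
            if any("*" in lbl and lbl != "*" for lbl in _labels(n))]

if __name__ == "__main__":
    # Constructed sample inputs.
    for pat, host in [("baz*.example.net", "baz1.example.net"),
                      ("*.example.net", "baz1.example.net"),
                      ("*.example.net", "a.baz1.example.net")]:
        print(pat, host, match_rfc2818(pat, host),
              match_whole_label_only(pat, host))
```

Names returned by `find_fragment_wildcards` are the ones that match under the first policy and stop matching under the second.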