[certid] open issues
Peter Saint-Andre <stpeter@stpeter.im> Thu, 08 April 2010 21:38 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id C6B0828C0E9 for <certid@core3.amsl.com>;
Thu, 8 Apr 2010 14:38:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.27
X-Spam-Level:
X-Spam-Status: No, score=-2.27 tagged_above=-999 required=5 tests=[AWL=0.329,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KcP+IIhj01h5 for
<certid@core3.amsl.com>; Thu, 8 Apr 2010 14:38:43 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com
(Postfix) with ESMTP id A9AE83A67F5 for <certid@ietf.org>;
Thu, 8 Apr 2010 14:38:43 -0700 (PDT)
Received: from dhcp-64-101-72-158.cisco.com (dhcp-64-101-72-158.cisco.com
[64.101.72.158]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with
ESMTPSA id C91CF40E15 for <certid@ietf.org>;
Thu, 8 Apr 2010 15:38:39 -0600 (MDT)
Message-ID: <4BBE4CDE.5000703@stpeter.im>
Date: Thu, 08 Apr 2010 15:38:38 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: certid@ietf.org
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms020600080803030003010707"
Subject: [certid] open issues
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2010 21:38:44 -0000
I'd like to come up with a complete list of the open issues related to draft-saintandre-tls-server-id-check. Please reply to this thread with additional open issues, then I will start a separate thread about each. Here's what I have so far: 1. Why exclude iPAddress from the scope? 2. Why exclude self-signed certs from the scope? 3. Should we forbid wildcards altogether? 4. Should we provide more guidance regarding wildcards? (For example, encourage issuance only for Class 2 certs.) 5. We need to document the security considerations for wildcards. 6. Should we move the text about CNs to a non-normative note? 7. Should we remove the rule about allowing a domain name in the CN only as the leftmost RDN? 8. We need to document the security considerations for CNs. 9. We need to specify how to handle internationalized domain names. (For example, specify IDNA2003 or IDNA2008 or straight punycode or some combination of recommendations.) 10. We need to specify matching rules for the uniformResourceIdentifier SAN. 11. We need to specify matching rules for the SRVName SAN. 12. We need to separate the domain checking rules from the service type checking rules. Anything else? Peter -- Peter Saint-Andre https://stpeter.im/
- [certid] open issues Peter Saint-Andre
- Re: [certid] open issues Alexey Melnikov
- Re: [certid] open issues Bruno Harbulot