Re: [certid] Review of draft-saintandre-tls-server-id-check
Stefan Santesson <stefan@aaa-sec.com> Thu, 09 September 2010 19:39 UTC
Return-Path: <stefan@aaa-sec.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 8A12C3A68EC for <certid@core3.amsl.com>;
Thu, 9 Sep 2010 12:39:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.533
X-Spam-Level:
X-Spam-Status: No, score=-102.533 tagged_above=-999 required=5 tests=[AWL=0.716,
BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_LOW=-1,
USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQ0PjbbvWC6N for
<certid@core3.amsl.com>; Thu, 9 Sep 2010 12:38:58 -0700 (PDT)
Received: from s87.loopia.se (s87.loopia.se [194.9.94.115]) by core3.amsl.com
(Postfix) with ESMTP id 5AA9C3A68E3 for <certid@ietf.org>;
Thu, 9 Sep 2010 12:38:22 -0700 (PDT)
Received: from s19.loopia.se (s34.loopia.se [194.9.94.70]) by s87.loopia.se
(Postfix) with ESMTP id D15773A6849 for <certid@ietf.org>;
Thu, 9 Sep 2010 21:37:03 +0200 (CEST)
Received: (qmail 71161 invoked from network); 9 Sep 2010 19:36:55 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO [192.168.1.5])
(stefan@fiddler.nu@[213.64.142.247]) (envelope-sender <stefan@aaa-sec.com>)
by s19.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for
<shuque@isc.upenn.edu>; 9 Sep 2010 19:36:55 -0000
User-Agent: Microsoft-Entourage/12.26.0.100708
Date: Thu, 09 Sep 2010 21:36:54 +0200
From: Stefan Santesson <stefan@aaa-sec.com>
To: Shumon Huque <shuque@isc.upenn.edu>
Message-ID: <C8AF03F6.EC6E%stefan@aaa-sec.com>
Thread-Topic: [certid] Review of draft-saintandre-tls-server-id-check
Thread-Index: ActQVltWPSULorgnYEC0PcrppggBrg==
In-Reply-To: <20100909183829.GA4332@isc.upenn.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Cc: Bernard Aboba <bernard_aboba@hotmail.com>, daedulus@btconnect.com,
IETF cert-based identity <certid@ietf.org>, ietf@ietf.org
Subject: Re: [certid] Review of draft-saintandre-tls-server-id-check
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Sep 2010 19:39:17 -0000
On 10-09-09 8:38 PM, "Shumon Huque" <shuque@isc.upenn.edu> wrote: > Earlier in RFC 4985, it says: > > The SRVName, if present, MUST contain a service name and a domain > name in the following form: > > _Service.Name > > The content of the components of this name form MUST be consistent > with the corresponding definition of these components in an SRV RR > according to RFC 2782 > > I think this was actually clear enough. The subsequent statement that > Name is "The DNS domain name of the domain where the specified service > is located." (which could mean any of a number of things) confused the > issue, and probably should not have been in the document. Agreed, but since it will be an errata, the text must be corrected. Do you agree with my proposal? "The DNS domain name of a domain for which the certified subject is authorized to provide the identified service." /Stefan
- [certid] Fwd: Review of draft-saintandre-tls-serv… Paul Hoffman
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Bernard Aboba
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… James Schaad
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Paul Hoffman
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Richard L. Barnes
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Martin Rex
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] [TLS] Review of draft-saintandre-tls… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] [TLS] Review of draft-saintandre-tls… James Schaad
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] [TLS] Why require EKU for certid? Jim Schaad
- Re: [certid] Why require EKU for certid? Martin Rex
- Re: [certid] Why require EKU for certid? Henry B. Hotz
- [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints Martin Rex
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints Martin Rex
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints (oops) Matt McCutchen
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Jim Schaad
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Stefan Santesson
- Re: [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Martin Rex
- Re: [certid] Why require EKU for certid? Stefan Santesson
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Jim Schaad
- Re: [certid] CN-ID and name constraints Carl Wallace