Re: [certid] representation and verification of identity in certificates
Paul Hoffman <phoffman@imc.org> Wed, 10 March 2010 16:37 UTC
Return-Path: <phoffman@imc.org>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 9C00E3A6BE6 for <certid@core3.amsl.com>;
Wed, 10 Mar 2010 08:37:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5
tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rkh043LJmXGu for
<certid@core3.amsl.com>; Wed, 10 Mar 2010 08:37:12 -0800 (PST)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227])
by core3.amsl.com (Postfix) with ESMTP id 4A76B3A6BDB for <certid@ietf.org>;
Wed, 10 Mar 2010 08:37:09 -0800 (PST)
Received: from [10.20.30.158] (75-101-30-90.dsl.dynamic.sonic.net
[75.101.30.90]) (authenticated bits=0) by balder-227.proper.com
(8.14.2/8.14.2) with ESMTP id o2AGbAk7057092 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Wed, 10 Mar 2010 09:37:13 -0700 (MST) (envelope-from phoffman@imc.org)
Mime-Version: 1.0
Message-Id: <p06240802c7bd7ad918d9@[10.20.30.158]>
In-Reply-To: <87d3zclgva.fsf@mocca.josefsson.org>
References: <4B969728.3090907@stpeter.im> <87d3zclgva.fsf@mocca.josefsson.org>
Date: Wed, 10 Mar 2010 08:37:11 -0800
To: Simon Josefsson <simon@josefsson.org>, certid@ietf.org
From: Paul Hoffman <phoffman@imc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [certid] representation and verification of identity in
certificates
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Mar 2010 16:37:13 -0000
At 9:29 AM +0100 3/10/10, Simon Josefsson wrote: >Did you consider discussing name check rules for OpenPGP based >certificate validation as well? That is currently an underspecified >area, and GnuTLS had to just pick one reasonable algorithm here. > >If this is not in scope, I think it would help to clarify the scope of >your document if the term 'X.509' was mentioned in the abstract and in >section '1.2 Scope'. Let's keep this to PKIX (not X.509, which lacks some of the alt attributes needed in the discussion) and also not include OpenPGP. Note, however, that we might learn something from the successes and failures in the OpenPGP world.
- Re: [certid] representation and verification of i… Simon Josefsson
- Re: [certid] representation and verification of i… Paul Hoffman
- Re: [certid] representation and verification of i… Peter Saint-Andre