Re: [certid] representation and verification of identity in certificates
Peter Saint-Andre <stpeter@stpeter.im> Wed, 10 March 2010 16:47 UTC
On 3/10/10 9:37 AM, Paul Hoffman wrote:
> At 9:29 AM +0100 3/10/10, Simon Josefsson wrote:
>> Did you consider discussing name check rules for OpenPGP based
>> certificate validation as well? That is currently an
>> underspecified area, and GnuTLS had to just pick one reasonable
>> algorithm here.
>>
>> If this is not in scope, I think it would help to clarify the scope
>> of your document if the term 'X.509' was mentioned in the abstract
>> and in section '1.2 Scope'.
>
> Let's keep this to PKIX (not X.509, which lacks some of the alt
> attributes needed in the discussion) and also not include OpenPGP.
> Note, however, that we might learn something from the successes and
> failures in the OpenPGP world.

The authors have consciously limited the scope of the document, at times only because wiser heads insisted on it. While related problems are interesting (IPsec, OpenPGP, client certs), I think we'll need to work on those in separate documents. Perhaps someday we'll have a grand unified theory of identity in certs/keys/etc., but not yet. :)

Peter

--
Peter Saint-Andre
https://stpeter.im/