Re: [certid] CN fallback
"Scott Cantor" <cantor.2@osu.edu> Mon, 05 April 2010 23:27 UTC
Return-Path: <cantor.2@osu.edu>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 150EB3A67B1 for <certid@core3.amsl.com>;
Mon, 5 Apr 2010 16:27:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.45
X-Spam-Level: *
X-Spam-Status: No,
score=1.45 tagged_above=-999 required=5 tests=[BAYES_50=0.001,
MSGID_MULTIPLE_AT=1.449]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W2sM7cBiOHKL for
<certid@core3.amsl.com>; Mon, 5 Apr 2010 16:27:00 -0700 (PDT)
Received: from hrndva-omtalb.mail.rr.com (hrndva-omtalb.mail.rr.com
[71.74.56.122]) by core3.amsl.com (Postfix) with ESMTP id 9569B3A66B4 for
<certid@ietf.org>; Mon, 5 Apr 2010 16:26:56 -0700 (PDT)
X-Authority-Analysis: v=1.1 cv=HGzZEZllc7l+rGriDeLGo6RTzaxOKII9nWt1C4P+aSw=
c=1 sm=0 a=kj9zAlcOel0A:10 a=/Wh0N9815gtYTLoiNwER9g==:17
a=11aZisT8mu2pkpufOPIA:9 a=rCt-88JYvzid0dMs_ylyLRwNblAA:4 a=CjuIK1q_8ugA:10
a=/Wh0N9815gtYTLoiNwER9g==:117
X-Cloudmark-Score: 0
X-Originating-IP: 24.210.116.83
Received: from [24.210.116.83] ([24.210.116.83:7729] helo=SNOWDOG) by
hrndva-oedge01.mail.rr.com (envelope-from <cantor.2@osu.edu>) (ecelerity
2.2.2.39 r()) with ESMTP id A1/D2-20570-DB17ABB4;
Mon, 05 Apr 2010 23:26:54 +0000
From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Alexey Melnikov'" <alexey.melnikov@isode.com>,
"'Peter Saint-Andre'" <stpeter@stpeter.im>
References: <201003231544.05651.ludwig.nussel@suse.de>
<4BB3C21E.90502@stpeter.im> <4BBA5673.7020403@isode.com>
In-Reply-To: <4BBA5673.7020403@isode.com>
Date: Mon, 5 Apr 2010 19:27:01 -0400
Organization: The Ohio State University
Message-ID: <00d401cad517$7ee680c0$7cb38240$@2@osu.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcrVB0TYA4kKGCjlTJ+aW+n++iF8hwAD+lZg
Content-Language: en-us
Cc: certid@ietf.org
Subject: Re: [certid] CN fallback
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Apr 2010 23:27:01 -0000
>> or to remove it entirely, because I don't think it's >> a best current practice for secure authentication. >> > Personally, I don't think removing it is going to be a service to the > community, because this is the current practice, even if it is not the > best one. Since nothing's referencing this specification yet anyway, why not outline what people should do, rather than what they are doing? A previous note mentioned the fact that DNs are hierarchical paths into a directory. This, of course, is not true; X.500 does not exist as a global/going concern, so DNs are in fact misleading in this context. Let's stop pretending otherwise. -- Scott
- [certid] CN fallback Ludwig Nussel
- Re: [certid] CN fallback Peter Saint-Andre
- Re: [certid] CN fallback Alexey Melnikov
- Re: [certid] CN fallback Scott Cantor
- Re: [certid] CN fallback Alexey Melnikov
- Re: [certid] CN fallback Scott Cantor
- Re: [certid] CN fallback RL 'Bob' Morgan
- Re: [certid] CN fallback Scott Cantor
- Re: [certid] CN fallback Ludwig Nussel
- [certid] open issue: iPAddress Peter Saint-Andre
- Re: [certid] CN fallback Michael Ströder
- Re: [certid] open issue: iPAddress Michael Ströder
- Re: [certid] CN fallback Michael Ströder