Re: [certid] Need to define "most specific RDN"
Ludwig Nussel <ludwig.nussel@suse.de> Fri, 16 July 2010 08:24 UTC
Return-Path: <ludwig.nussel@suse.de>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 83A423A6949 for <certid@core3.amsl.com>;
Fri, 16 Jul 2010 01:24:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.649
X-Spam-Level:
X-Spam-Status: No, score=-103.649 tagged_above=-999 required=5
tests=[BAYES_50=0.001, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_MED=-4,
USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WjVSeesdff+d for
<certid@core3.amsl.com>; Fri, 16 Jul 2010 01:24:47 -0700 (PDT)
Received: from mx2.suse.de (cantor2.suse.de [195.135.220.15]) by
core3.amsl.com (Postfix) with ESMTP id 8B2723A69A9 for <certid@ietf.org>;
Fri, 16 Jul 2010 01:24:47 -0700 (PDT)
Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.221.2]) by
mx2.suse.de (Postfix) with ESMTP id 4FED88655F for <certid@ietf.org>;
Fri, 16 Jul 2010 10:24:58 +0200 (CEST)
From: Ludwig Nussel <ludwig.nussel@suse.de>
To: certid@ietf.org
Date: Fri, 16 Jul 2010 10:24:52 +0200
User-Agent: KMail/1.13.3 (Linux/2.6.34-9-desktop; KDE/4.4.3; x86_64; ; )
References: <201006301746.o5UHkIsE019133@fs4113.wdf.sap.corp>
<4C3FB02F.3090006@bolyard.me> <4C3FEE41.5050209@velox.ch>
In-Reply-To: <4C3FEE41.5050209@velox.ch>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201007161024.53340.ludwig.nussel@suse.de>
Subject: Re: [certid] Need to define "most specific RDN"
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 08:24:48 -0000
Kaspar Brand wrote: > On 16.07.2010 03:04, Nelson B Bolyard wrote: > > Can you name any browser or other important network client made in the > > last 8 years (since RFC 3280 was published) that does SSL3 and/or TLS > > but doesn't recognize DNS names in SANs? > > "important" is a debatable term, but I'm pretty sure that as soon as you > leave the browser camp, you'll encounter quite a few... I didn't have to > search for a long time, actually: take wget as an example. Well, I got the impression that clients using openssl are generally in a bad shape. The complicated low level API, sparse docu and insecure defaults create many pitfalls for the newcomer. I hope that with the new RFC a common library that does the server id checks could be developed though. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
- [certid] Need to define "most specific RDN" Paul Hoffman
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" Bruno Harbulot
- Re: [certid] Need to define "most specific RDN" Paul Hoffman
- Re: [certid] Need to define "most specific RDN" Peter Sylvester
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Kurt Zeilenga
- Re: [certid] Need to define "most specific RDN" Peter Sylvester
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" Love Hörnquist Åstrand
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" =JeffH
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Ludwig Nussel
- Re: [certid] Need to define "most specific RDN" Peter Sylvester
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Paul Hoffman
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Nelson B Bolyard
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Nelson B Bolyard
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Ludwig Nussel
- Re: [certid] Need to define "most specific RDN" Nelson B Bolyard
- Re: [certid] Need to define "most specific RDN" Paul Tiemann
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Nelson B Bolyard
- Re: [certid] Need to define "most specific RDN" Kaspar Brand
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Shumon Huque
- Re: [certid] Need to define "most specific RDN" Martin Rex
- Re: [certid] Need to define "most specific RDN" Shumon Huque
- Re: [certid] Need to define "most specific RDN" Peter Sylvester
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Need to define "most specific RDN" Peter Saint-Andre
- Re: [certid] Name constraints and legacy clients Matt McCutchen
- Re: [certid] Name constraints and legacy clients Matt McCutchen
- Re: [certid] Name constraints and legacy clients Paul Tiemann