Re: [certid] [cabfman] fyi: newly revised version: draft-saintandre-tls-server-id-check

"Jeffrey A. Williams" <jwkckid1@ix.netcom.com> Wed, 20 October 2010 21:16 UTC

Return-Path: <jwkckid1@ix.netcom.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 347F13A680C for <certid@core3.amsl.com>; Wed, 20 Oct 2010 14:16:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.447
X-Spam-Level:
X-Spam-Status: No, score=0.447 tagged_above=-999 required=5 tests=[AWL=-1.364, BAYES_50=0.001, FU_ENDS_2_WRDS=0.255, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.097, MIME_HTML_ONLY=1.457]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PDvQcSWC3kAC for <certid@core3.amsl.com>; Wed, 20 Oct 2010 14:16:08 -0700 (PDT)
Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by core3.amsl.com (Postfix) with ESMTP id D4F513A681E for <certid@ietf.org>; Wed, 20 Oct 2010 14:16:07 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=ix.netcom.com; b=f7MG3/VWrN4FUABvbydnvKu1BYSGvLZmVUW02E/d5Cyz+RAWAIqUJL6HyR9qHQZ2; h=Message-ID:Date:From:Reply-To:To:Subject:Cc:Mime-Version:Content-Transfer-Encoding:X-Mailer:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [209.86.224.41] (helo=elwamui-mouette.atl.sa.earthlink.net) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <jwkckid1@ix.netcom.com>) id 1P8g2W-0003uY-Cc; Wed, 20 Oct 2010 17:17:40 -0400
Received: from 99.93.224.206 by webmail.earthlink.net with HTTP; Wed, 20 Oct 2010 17:17:39 -0400
Message-ID: <16547012.1287609460099.JavaMail.root@elwamui-mouette.atl.sa.earthlink.net>
Date: Wed, 20 Oct 2010 16:17:39 -0500 (GMT-05:00)
From: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
To: "Eddy Nigg (StartCom Ltd.)" <eddy_nigg@startcom.org>, "Hodges, Jeff" <jeff.hodges@paypal-inc.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Mailer: EarthLink Zoo Mail 1.0
Content-Type: text/html; charset=UTF-8
X-ELNK-Trace: c8e3929e1e9c87a874cfc7ce3b1ad11381c87f5e519606887b4729d025e40e695412977339131041350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 209.86.224.41
Cc: certid@ietf.org
Subject: Re: [certid] [cabfman] fyi: newly revised version: draft-saintandre-tls-server-id-check
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Jeffrey A. Williams" <jwkckid1@ix.netcom.com>
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2010 21:16:10 -0000

Eddy and all,


-----Original Message-----
From: "Eddy Nigg (StartCom Ltd.)"
Sent: Oct 20, 2010 2:46 PM
To: "Hodges, Jeff"
Cc: certid@ietf.org
Subject: Re: [certid] [cabfman] fyi: newly revised version: draft-saintandre-tls-server-id-check


On 10/20/2010 08:28 PM, From Hodges, Jeff:
   o  Move away from including and checking strings that look like
      domain names in the subject's Common Name.


I applaud this recommendation since this has never been part of the standard in the first place and was only meant as a temporary bridge during the move from X.509 version 2 to version 3.

Good point.

   o  Move away from the issuance of so-called wildcard certificates
      (e.g., a certificate containing an identifier for
      "*.example.com").


However, I'm not sure why wildcards should be prohibited, since this is perfectly standards-compliant. There are valid use cases for wildcards, and in fact some of the biggest companies on the Internet are prevented from using EV certificates exactly because of this prohibition (on using wildcards with EV). I suggest reconsidering this recommendation.


I agree here.

Regards

Signer:  Eddy Nigg, COO/CTO
         StartCom Ltd. <http://www.startcom.org>
XMPP:    startcom@startcom.org
Blog:    Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>


Regards,
Jeffrey A. Williams
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com
Phone: 214-244-4827
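The two draft recommendations quoted in this thread (stop treating the subject Common Name as a carrier of domain names, and be cautious with wildcard identifiers) come down to matching logic that every TLS client has to implement. The following is an added example, not code from the draft or from anyone in this thread, written against the certificate dictionary shape that Python's standard-library ssl.SSLSocket.getpeercert() returns. The sample certificates are constructed, and the wildcard rules (whole left-most label only, exactly one label consumed, at least two labels after it, never in the reference identifier) are this example's deliberately conservative choices, not a transcription of the draft's text. CN fallback is off by default so the legacy behaviour is opt-in and visible in the result.

```python
"""Added example: server identity matching with subjectAltName preferred over CN.

Certificate shape follows ssl.SSLSocket.getpeercert():
  {"subject": ((("commonName", "x"),), ...),
   "subjectAltName": (("DNS", "x"), ("IP Address", "192.0.2.1"), ...)}
The sample certificates at the bottom are constructed for this example.
"""
import ipaddress


def _dns_names(cert):
    """dNSName entries from subjectAltName (the identifiers the draft prefers)."""
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]


def _ip_names(cert):
    """iPAddress entries from subjectAltName."""
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "IP Address"]


def _common_names(cert):
    """Every commonName attribute in the subject (a subject may carry several)."""
    return [value for rdn in cert.get("subject", ()) for (attr, value) in rdn if attr == "commonName"]


def presented_matches(presented, reference, allow_wildcards=True):
    """Match one presented DNS identifier against the client's reference identifier.

    Rules chosen for this example (an assumption, stricter than some 'MAY' allowances):
      - ASCII, case-insensitive, trailing dot ignored; IDNA/A-label handling is out of scope
      - the reference identifier itself may never contain '*'
      - a wildcard is accepted only as the entire left-most label ('*.example.com')
      - it stands for exactly one label, never zero or several
      - at least two non-wildcard labels must follow it (no '*.com')
    """
    presented = presented.rstrip(".").lower()
    reference = reference.rstrip(".").lower()
    if not presented or not reference or "*" in reference:
        return False
    p_labels = presented.split(".")
    r_labels = reference.split(".")
    if "" in p_labels or "" in r_labels:
        return False
    if "*" not in presented:
        return p_labels == r_labels
    if not allow_wildcards:
        return False
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3:
        return False
    # the wildcard consumes exactly one label, so label counts must agree
    return len(p_labels) == len(r_labels) and p_labels[1:] == r_labels[1:]


def verify_server_identity(cert, reference, allow_cn_fallback=False, allow_wildcards=True):
    """Return (matched, reason). An IP-literal reference only matches iPAddress SANs;
    a DNS reference matches dNSName SANs, and the CN is consulted only when the
    certificate carries no dNSName SAN at all and the caller opted in."""
    try:
        ref_ip = ipaddress.ip_address(reference)
    except ValueError:
        ref_ip = None
    if ref_ip is not None:
        for value in _ip_names(cert):
            try:
                if ipaddress.ip_address(value) == ref_ip:
                    return True, "iPAddress SAN %r matched" % value
            except ValueError:
                continue
        return False, "no iPAddress SAN matched (dNSName/CN never match an IP literal)"
    dns_names = _dns_names(cert)
    if dns_names:
        for presented in dns_names:
            if presented_matches(presented, reference, allow_wildcards):
                return True, "dNSName SAN %r matched" % presented
        return False, "dNSName SANs present but none matched; CN deliberately ignored"
    if not allow_cn_fallback:
        return False, "no dNSName SAN and CN fallback disabled"
    for cn in _common_names(cert):
        if presented_matches(cn, reference, allow_wildcards):
            return True, "CN %r matched (legacy fallback)" % cn
    return False, "no dNSName SAN and no CN matched"


# Constructed sample certificates (not real issued certificates).
CERT_SAN = {
    "subject": ((("countryName", "IL"),), (("commonName", "wrong.example.net"),)),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
CERT_CN_ONLY = {"subject": ((("countryName", "US"),), (("commonName", "legacy.example.org"),))}
CERT_IP = {"subject": ((("commonName", "gw"),),), "subjectAltName": (("IP Address", "192.0.2.10"),)}
CERT_DNS_LOOKS_LIKE_IP = {"subject": ((("commonName", "gw"),),), "subjectAltName": (("DNS", "192.0.2.10"),)}

if __name__ == "__main__":
    for cert, ref, kw in [
        (CERT_SAN, "api.example.com", {}),
        (CERT_SAN, "wrong.example.net", {}),
        (CERT_CN_ONLY, "legacy.example.org", {}),
        (CERT_CN_ONLY, "legacy.example.org", {"allow_cn_fallback": True}),
        (CERT_DNS_LOOKS_LIKE_IP, "192.0.2.10", {}),
    ]:
        print(ref, kw, verify_server_identity(cert, ref, **kw))
```

The CERT_SAN case is the one the first recommendation is about: the CN says wrong.example.net, but because dNSName SANs are present the CN is never consulted, so a CN-only checker and a SAN-first checker disagree on exactly the certificates where that matters. The allow_wildcards flag lets a deployment that shares the second reservation quoted above switch wildcard acceptance off without touching the rest of the logic.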