Re: [certid] Comments on draft-saintandre-tls-server-id-check-04

Peter Sylvester <peter.sylvester@edelweb.fr> Fri, 04 June 2010 09:36 UTC

Message-ID: <4C08C8EC.1050200@edelweb.fr>
Date: Fri, 04 Jun 2010 11:35:40 +0200
From: Peter Sylvester <peter.sylvester@edelweb.fr>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
MIME-Version: 1.0
To: certid@ietf.org
References: <201005311518.o4VFIHAw022209@fs4113.wdf.sap.corp> <4C08244D.9010809@bolyard.me>
In-Reply-To: <4C08244D.9010809@bolyard.me>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [certid] Comments on draft-saintandre-tls-server-id-check-04

> The phrase "the (most specific) Common Name field in the subject field"
> is not plural.  There is at most one Common Name attribute in the name
> that is *the* most specific one.  The words "most specific" refer to its
> position in the list of RDNs, which are arranged (as encoded in the
> certificate Name field) from most general (first) to most specific
> (last).  So, the most specific Common Name is the last of the Common
> Name attributes in the sequence of RDNs, as encoded in the certificate.
>    
You can have two AVAs of the same type in one RDN, i.e.
two common names in the same RDN. There the interpretation
of most-significant is not clear.

The term of 2818 itself is wrong; there is no such thing
as a 'Common Name field'.

If one puts no more than one AVA of type CN into an
RDN, and only one such RDN, the result is ok.
The "(most specific)" is a kind of hint not to put more
than one unless you want to attack like a \0 :-)

/P

PS: I "like" the *.ietf.org cert used by the server 'ietf.org' :-)
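The point being argued above (a Name is a SEQUENCE of RDNs ordered most general first, each RDN is a SET that may hold several AVAs, so "the most specific CN" is only well defined when the last CN-bearing RDN holds exactly one CN) can be made concrete in code. The following is an added illustration, not code from the thread, from RFC 2818 or from the draft under discussion. It models a Name as a Python list of RDNs, each RDN a list of (OID, value) pairs, and keeps only what is needed for the point: `most_specific_cn` walks the RDNs from the end, refuses a multi-valued RDN with two CNs, and refuses a CN containing a NUL character; `encode_name_der` emits the DER so the "as encoded" ordering is visible. The function names are invented for this example; the OID values for commonName, countryName and organizationName are the standard X.520 ones; every attribute value is encoded as UTF8String for simplicity, which a real encoder would not do for countryName.

```python
"""Added example: selecting the "most specific" CN from an X.509 subject Name.

ASN.1 shape being modelled (values constructed for this example):
    Name ::= SEQUENCE OF RelativeDistinguishedName        -- most general first
    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
    AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value ANY }
A Name is a list of RDNs; an RDN is a list of (dotted_oid, str) pairs.
"""

ID_AT_COMMON_NAME = "2.5.4.3"      # id-at-commonName
ID_AT_COUNTRY = "2.5.4.6"          # id-at-countryName
ID_AT_ORGANIZATION = "2.5.4.10"    # id-at-organizationName


class AmbiguousNameError(ValueError):
    """The last CN-bearing RDN holds more than one CN: no single 'most specific' CN."""


def most_specific_cn(name):
    """Return the CN from the last RDN (in encoded order) that carries one.

    Raises AmbiguousNameError if that RDN carries two or more CN AVAs,
    ValueError if the CN contains a NUL character or the Name has no CN.
    """
    for rdn in reversed(name):                       # last RDN = most specific
        cns = [value for oid, value in rdn if oid == ID_AT_COMMON_NAME]
        if not cns:
            continue
        if len(cns) > 1:
            raise AmbiguousNameError(
                "RDN holds %d CN attributes; 'most specific' is undefined" % len(cns))
        cn = cns[0]
        if "\x00" in cn:                             # reject embedded NUL outright
            raise ValueError("CN contains a NUL character")
        return cn
    raise ValueError("Name carries no CN attribute")


def describe(name):
    """Classify a Name for callers that prefer a status tuple to exceptions."""
    try:
        return ("ok", most_specific_cn(name))
    except AmbiguousNameError as exc:
        return ("ambiguous", str(exc))
    except ValueError as exc:
        return ("invalid", str(exc))


# --- minimal DER encoder, enough to show the encoded ordering of a Name ---

def _tlv(tag, body):
    """DER tag-length-value with definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def encode_name_der(name):
    """Encode the Name; RDN order is preserved, SET members sorted as DER requires."""
    rdns = []
    for rdn in name:
        avas = [_tlv(0x30, _encode_oid(oid) + _tlv(0x0C, value.encode("utf-8")))
                for oid, value in rdn]            # 0x0C = UTF8String (simplification)
        rdns.append(_tlv(0x31, b"".join(sorted(avas))))
    return _tlv(0x30, b"".join(rdns))


if __name__ == "__main__":
    # Constructed sample names.
    clean = [[(ID_AT_COUNTRY, "FR")], [(ID_AT_ORGANIZATION, "Example")],
             [(ID_AT_COMMON_NAME, "www.example.com")]]
    two_cn_rdn = [[(ID_AT_ORGANIZATION, "Example")],
                  [(ID_AT_COMMON_NAME, "a.example.com"), (ID_AT_COMMON_NAME, "b.example.com")]]
    print(describe(clean))
    print(describe(two_cn_rdn))
    print(encode_name_der(clean).hex())
```

Run stand-alone, the script prints the selected CN for the clean Name, the "ambiguous" status for the Name whose last RDN holds two CNs, and the DER hex, in which the three SETs appear in the same order as the list (C, then O, then CN).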