Re: [certid] [Spam] Re: URI match

"Erik Andersen" <era@x500.eu> Thu, 01 April 2010 09:40 UTC

From: "Erik Andersen" <era@x500.eu>
To: <certid@ietf.org>, "Directory list" <x500standard@freelists.org>

It seems that there is a general requirement for URI matching. URIs are not
only used in subjectAltName, but are used in X.500 in general, i.e., for
RFID support. Defining uniformResourceIdentifier as just an IA5String may
also be a simplification.

Erik Andersen
Andersen's L-Service
Elsevej 48,
DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@x500.eu
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/

-----Original Message-----
From: certid-bounces@ietf.org [mailto:certid-bounces@ietf.org] On Behalf Of
Scott Cantor
Sent: 1 April 2010 01:47
To: certid@ietf.org
Subject: [Spam] Re: [certid] URI match

>> So, without defining further constraints a URI in subjAltnames is
>> rather useless, isn't it?
> 
> No, because we're trying to be inclusive regarding SANs at this point,
> and SIP certificates (as one example) prefer uniformResourceIdentifier.
> 
> However, I will work to clean this up some more in -04.

Somewhat paraphrasing a question that I think was asked at the app area open
meeting last week, is it the intention to encourage new protocols/services
that adopt/reference this proposal to favor matching based on URIs where
possible or appropriate?

That's something I'm in favor of, and I think worrying about what users
think they're connecting to is really beside the point; users don't get this
stuff. Our software is supposed to do the right things for them so that they
don't have to.

-- Scott
