Re: [certid] [Spam] Re: URI match
"Erik Andersen" <era@x500.eu> Thu, 01 April 2010 09:40 UTC
Return-Path: <era@x500.eu>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 12E9E3A67E7 for <certid@core3.amsl.com>;
Thu, 1 Apr 2010 02:40:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.14
X-Spam-Level: **
X-Spam-Status: No,
score=2.14 tagged_above=-999 required=5 tests=[BAYES_50=0.001,
DNS_FROM_OPENWHOIS=1.13, HELO_EQ_DK=1.009]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xxGYJQTvqJyg for
<certid@core3.amsl.com>; Thu, 1 Apr 2010 02:40:12 -0700 (PDT)
Received: from mail01.dandomain.dk (mail01.dandomain.dk [194.150.112.201]) by
core3.amsl.com (Postfix) with ESMTP id 340853A6811 for <certid@ietf.org>;
Thu, 1 Apr 2010 02:40:03 -0700 (PDT)
Received: from Morten ([94.191.249.166]) by mail01.dandomain.dk (DanDomain
Mailserver) with ASMTP id JNP17532; Thu, 01 Apr 2010 11:40:32 +0200
From: "Erik Andersen" <era@x500.eu>
To: <certid@ietf.org>, "Directory list" <x500standard@freelists.org>
References: <201003231500.05187.ludwig.nussel@suse.de> <4BB3C8D6.5030402@stpeter.im>
<022c01cad12c$747102d0$5d530870$@2@osu.edu>
In-Reply-To: <022c01cad12c$747102d0$5d530870$@2@osu.edu>
Date: Thu, 1 Apr 2010 11:40:27 +0200
Message-ID: <002401cad17f$60048080$200d8180$@eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-index: AcrRH0oMYdKldPf1R0GoZtGAtcH9KAADLOagABS1oqA=
Content-language: da
Subject: Re: [certid] [Spam] Re: URI match
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Apr 2010 09:40:14 -0000
It seems that there is general requirement for URI matching. URIs are not only used in subjectAltName, but are used in X.500 in general, i.e., for RFID support. Defining uniformResourceIdentifier as just an IA5String may also be a simplification. Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@x500.eu Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ -----Oprindelig meddelelse----- Fra: certid-bounces@ietf.org [mailto:certid-bounces@ietf.org] På vegne af Scott Cantor Sendt: 1. april 2010 01:47 Til: certid@ietf.org Emne: [Spam] Re: [certid] URI match >> So, without defining further constraints an URI in subjAltnames is >> rather useless, isn't it? > > No, because we're trying to be inclusive regarding SANs at this point, > and SIP certificates (as one example) prefer uniformResourceIdentifier. > > However, I will work to clean this up some more in -04. Somewhat paraphrasing a question that I think was asked at the app area open meeting last week, is it the intention to encourage new protocols/services that adopt/reference this proposal to favor matching based on URIs where possible or appropriate? That's something I'm in favor of, and I think worrying about what users think they're connecting to is really beside the point; users don't get this stuff. Our software is supposed to do the right things for them so that they don't have to. -- Scott _______________________________________________ certid mailing list certid@ietf.org https://www.ietf.org/mailman/listinfo/certid
- [certid] URI match Ludwig Nussel
- Re: [certid] URI match Bruno Harbulot
- Re: [certid] URI match Peter Saint-Andre
- Re: [certid] URI match Scott Cantor
- Re: [certid] [Spam] Re: URI match Erik Andersen
- Re: [certid] [Spam] Re: URI match Scott Cantor
- Re: [certid] URI match Shumon Huque
- Re: [certid] [Spam] Re: URI match Shumon Huque
- Re: [certid] [Spam] Re: URI match Peter Saint-Andre
- Re: [certid] [Spam] Re: URI match Shumon Huque