Re: [certid] CN-ID and name constraints
"Carl Wallace" <CWallace@cygnacom.com> Thu, 30 September 2010 19:56 UTC
Return-Path: <CWallace@cygnacom.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 562523A6E67 for <certid@core3.amsl.com>;
Thu, 30 Sep 2010 12:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.517
X-Spam-Level:
X-Spam-Status: No, score=-6.517 tagged_above=-999 required=5 tests=[AWL=0.082,
BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L7o2wjBTPKjg for
<certid@core3.amsl.com>; Thu, 30 Sep 2010 12:55:59 -0700 (PDT)
Received: from mail73.messagelabs.com (mail73.messagelabs.com
[216.82.249.243]) by core3.amsl.com (Postfix) with SMTP id C4CC93A6E4A for
<certid@ietf.org>; Thu, 30 Sep 2010 12:55:58 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: CWallace@cygnacom.com
X-Msg-Ref: server-13.tower-73.messagelabs.com!1285876600!96074785!2
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [65.242.48.17]
Received: (qmail 1880 invoked from network); 30 Sep 2010 19:56:44 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (65.242.48.17) by
server-13.tower-73.messagelabs.com with SMTP; 30 Sep 2010 19:56:44 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Thu, 30 Sep 2010 15:52:52 -0400
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D480112C82E@scygexch1.cygnacom.com>
In-Reply-To: <00a201cb60d9$972bc930$c5835b90$@augustcellars.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [certid] CN-ID and name constraints
Thread-Index: AQE5mp2IHf/sQTeACWXye7dK1f19xwGNyQZRAom+LdwCIxKAuwF2kqUGlBD0PxD///53EA==
References: <201009250309.o8P39Sc7016343@fs4113.wdf.sap.corp> <1285450341.1940.79.camel@mattlaptop2.local><4CA3B1B0.2040106@stpeter.im><006901cb6024$97c85990$c7590cb0$@augustcellars.com><4CA4E4D6.2020209@stpeter.im>
<00a201cb60d9$972bc930$c5835b90$@augustcellars.com>
From: "Carl Wallace" <CWallace@cygnacom.com>
To: "Jim Schaad" <ietf@augustcellars.com>,
"Peter Saint-Andre" <stpeter@stpeter.im>
Cc: certid@ietf.org
Subject: Re: [certid] CN-ID and name constraints
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Sep 2010 19:56:01 -0000
> -----Original Message----- > From: certid-bounces@ietf.org [mailto:certid-bounces@ietf.org] On > Behalf Of Jim Schaad > Sent: Thursday, September 30, 2010 3:57 PM > To: 'Peter Saint-Andre' > Cc: certid@ietf.org > Subject: Re: [certid] CN-ID and name constraints > > I would consider this to be an application specific behavior and not > part of the general validity processing that would be part of 5280. If > it was to happen anyplace I think this is where it should be > recommended. As a means of enabling this type of processing, RFC 5280 could be amended to output name constraints state similar to the way policy state is output now.
- [certid] Fwd: Review of draft-saintandre-tls-serv… Paul Hoffman
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Bernard Aboba
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… James Schaad
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Paul Hoffman
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Richard L. Barnes
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Martin Rex
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] [TLS] Review of draft-saintandre-tls… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] [TLS] Review of draft-saintandre-tls… James Schaad
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Stefan Santesson
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Shumon Huque
- Re: [certid] Review of draft-saintandre-tls-serve… Dave Cridland
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- Re: [certid] Review of draft-saintandre-tls-serve… Peter Saint-Andre
- [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] [TLS] Why require EKU for certid? Jim Schaad
- Re: [certid] Why require EKU for certid? Martin Rex
- Re: [certid] Why require EKU for certid? Henry B. Hotz
- [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints Martin Rex
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints Martin Rex
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] CN-ID and name constraints (oops) Matt McCutchen
- Re: [certid] CN-ID and name constraints Matt McCutchen
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Jim Schaad
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Stefan Santesson
- Re: [certid] Why require EKU for certid? Paul Hoffman
- Re: [certid] Why require EKU for certid? Martin Rex
- Re: [certid] Why require EKU for certid? Stefan Santesson
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] Why require EKU for certid? Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Peter Saint-Andre
- Re: [certid] CN-ID and name constraints Jim Schaad
- Re: [certid] CN-ID and name constraints Carl Wallace