[certid] version -04 of CertID draft
Peter Saint-Andre <stpeter@stpeter.im> Fri, 30 April 2010 18:22 UTC

Jeff and I would like to apologize for the delay in publishing an updated version of draft-saintandre-tls-server-id-check, which we have just posted:

http://www.ietf.org/id/draft-saintandre-tls-server-id-check-04.txt

However, we have been hard at work and we think that version -04 is much improved because it clears up a number of matters that were ambiguous in previous versions. In particular:

1. We have replaced the vague notion of a "reference identity" with the more precise concept of an ordered list of reference identifiers, which can be directly matched against the presented identifiers from the server certificate (where "identifiers" are things like dNSName, SRVName, and uniformResourceIdentifier).

2. We have explained more clearly the assumptions behind this work, including the concept of an application server.

3. We have tightened up the matching process and comparison rules with regard to both DNS domain names and service types.

4. We have more clearly explained certificate subjectNames, DNs, RDNs, CNs, etc.

Although open issues remain (e.g., we need to more clearly describe the threat model), the -04 version is a major revision of the spec and we expect the diffs going forward to be much smaller. We will now actively seek out feedback from certification authorities, application developers, and service operators, then work quickly to close any remaining open issues. Our goal is to deliver this specification to the IESG by the end of June at the latest so that we don't hold up advancement of specs that depend on this one (draft-daboo-srv-email, draft-ietf-xmpp-rfc3920bis, etc.).

Peter

--
Peter Saint-Andre
https://stpeter.im/