[certid] version -04 of CertID draft

Peter Saint-Andre <stpeter@stpeter.im> Fri, 30 April 2010 18:22 UTC

Message-ID: <4BDB1F71.2050207@stpeter.im>
Date: Fri, 30 Apr 2010 12:20:33 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: certid@ietf.org
Subject: [certid] version -04 of CertID draft

Jeff and I would like to apologize for the delay in publishing an
updated version of draft-saintandre-tls-server-id-check, which we have
just posted:

http://www.ietf.org/id/draft-saintandre-tls-server-id-check-04.txt

However, we have been hard at work and we think that version -04 is much
improved because it clears up a number of matters that were ambiguous in
previous versions. In particular:

1. We have replaced the vague notion of a "reference identity" with the
more precise concept of an ordered list of reference identifiers, which
can be directly matched against the presented identifiers from the
server certificate (where "identifiers" are things like dNSName,
SRVName, and uniformResourceIdentifier).

2. We have explained more clearly the assumptions behind this work,
including the concept of an application server.

3. We have tightened up the matching process and comparison rules with
regard to both DNS domain names and service types.

4. We have more clearly explained certificate subjectNames, DNs, RDNs,
CNs, etc.

Although open issues remain (e.g., we need to more clearly describe the
threat model), the -04 version is a major revision of the spec and we
expect the diffs going forward to be much smaller. We will now actively
seek out feedback from certification authorities, application
developers, and service operators, then work quickly to close any
remaining open issues. Our goal is to deliver this specification to the
IESG by the end of June at the latest so that we don't hold up
advancement of specs that depend on this one (draft-daboo-srv-email,
draft-ietf-xmpp-rfc3920bis, etc.).

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
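The matching model described in the message above (an ordered list of reference identifiers checked against the dNSName, SRVName and uniformResourceIdentifier values presented by the server certificate, with the Common Name used only as a last resort) can be illustrated with a small matcher. The code below is an added example and is not text or code from draft-saintandre-tls-server-id-check or from its authors; the concrete rules it applies (case-insensitive label comparison, a wildcard accepted only as the entire left-most label of a DNS-ID, SRV-ID split into a `_service` label and a domain name, URI-ID compared on scheme and host, CN-ID considered only when the certificate presents none of the three subjectAltName-based types) are those that later appeared in RFC 6125 and are an assumption about the -04 text, not a quotation of it. The presented identifiers are a constructed sample rather than values parsed from a real certificate, and the `Identifier` type and function names are this example's own.

```python
"""Match an ordered list of reference identifiers against the identifiers
presented in a server certificate.

Added example; not code from the CertID draft. The rules follow RFC 6125 as
an assumption about draft -04. Internationalized names (A-labels/U-labels)
and IP-address identifiers are deliberately out of scope here.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Identifier:
    # kind: "DNS-ID" (dNSName), "SRV-ID" (SRVName), "URI-ID"
    # (uniformResourceIdentifier) or "CN-ID" (subject Common Name).
    kind: str
    value: str


SAN_KINDS = ("DNS-ID", "SRV-ID", "URI-ID")


def dns_match(reference: str, presented: str, allow_wildcard: bool = True) -> bool:
    """Compare two DNS domain names label by label, case-insensitively.

    A wildcard is accepted only when it is the complete left-most label of
    the presented name, it matches exactly one label, and at least two
    labels follow it (so "*.net" never matches). Any other '*' is rejected.
    """
    ref = reference.lower().rstrip(".").split(".")
    pres = presented.lower().rstrip(".").split(".")
    if len(ref) != len(pres) or len(ref) < 2 or "" in ref:
        return False
    if allow_wildcard and pres[0] == "*":
        return len(pres) >= 3 and ref[1:] == pres[1:]
    if "*" in presented:  # partial or non-left-most wildcard
        return False
    return ref == pres


def _split_srv(srv: str) -> Tuple[str, str]:
    """'_xmpp-client.example.net' -> ('_xmpp-client', 'example.net')."""
    service, _, name = srv.partition(".")
    if not service.startswith("_") or not name:
        raise ValueError(f"malformed SRV-ID: {srv!r}")
    return service.lower(), name


def _split_uri(uri: str) -> Tuple[str, str]:
    """Return (scheme, host) for 'https://host/...' and 'sip:user@host' forms."""
    parts = urlsplit(uri)
    if parts.netloc:
        host = parts.hostname or ""
    else:
        # Schemes such as sip: and xmpp: keep 'user@host' in the path.
        host = parts.path.split("/", 1)[0].rpartition("@")[2].split(":", 1)[0]
    if not parts.scheme or not host:
        raise ValueError(f"URI-ID without scheme or host: {uri!r}")
    return parts.scheme.lower(), host.lower()


def identifier_match(ref: Identifier, pres: Identifier) -> bool:
    """One reference identifier against one presented identifier of a compatible type."""
    if ref.kind == "DNS-ID" and pres.kind in ("DNS-ID", "CN-ID"):
        return dns_match(ref.value, pres.value)
    if ref.kind == "SRV-ID" and pres.kind == "SRV-ID":
        rs, rn = _split_srv(ref.value)
        ps, pn = _split_srv(pres.value)
        # Service label must match exactly; the name part gets no wildcard.
        return rs == ps and dns_match(rn, pn, allow_wildcard=False)
    if ref.kind == "URI-ID" and pres.kind == "URI-ID":
        return _split_uri(ref.value) == _split_uri(pres.value)
    return False


def verify(reference_ids: List[Identifier],
           presented_ids: List[Identifier]) -> Optional[Tuple[Identifier, Identifier]]:
    """Walk the reference identifiers in order; return the first matching pair.

    CN-ID is consulted only when the certificate presents no DNS-ID, SRV-ID
    or URI-ID at all. Malformed presented identifiers are skipped, not fatal.
    """
    candidates = [p for p in presented_ids if p.kind in SAN_KINDS]
    if not candidates:
        candidates = [p for p in presented_ids if p.kind == "CN-ID"]
    for ref in reference_ids:
        for pres in candidates:
            try:
                if identifier_match(ref, pres):
                    return ref, pres
            except ValueError:
                continue
    return None


# Constructed sample: what an XMPP/SIP server certificate might present.
PRESENTED = [
    Identifier("DNS-ID", "*.example.net"),
    Identifier("SRV-ID", "_xmpp-client.example.net"),
    Identifier("URI-ID", "sip:voice.example.net"),
    Identifier("CN-ID", "www.example.com"),
]

# Reference identifiers in the order the client prefers them.
REFERENCE = [
    Identifier("SRV-ID", "_xmpp-client.example.net"),
    Identifier("DNS-ID", "example.net"),
]

if __name__ == "__main__":
    print(verify(REFERENCE, PRESENTED))
```

Two edge cases are worth noticing when running this: the bare reference `example.net` does not match the presented `*.example.net` because the wildcard stands for exactly one label, and the `www.example.com` Common Name is ignored whenever the certificate carries any of the three subjectAltName-based identifier types.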