Re: [certid] representation and verification of identity in certificates
Simon Josefsson <simon@josefsson.org> Wed, 10 March 2010 08:29 UTC
From: Simon Josefsson <simon@josefsson.org>
To: certid@ietf.org
Date: Wed, 10 Mar 2010 09:29:13 +0100
In-Reply-To: <4B969728.3090907@stpeter.im> (Peter Saint-Andre's message of
"Tue, 09 Mar 2010 11:44:56 -0700")
Message-ID: <87d3zclgva.fsf@mocca.josefsson.org>

Peter Saint-Andre <stpeter@stpeter.im> writes:

> A small, informal design team has been working on an I-D that attempts
> to define recommended procedures for representing and verifying server
> identities in X.509 certificates intended for use in applications that
> employ TLS. We have just published version -03 of that I-D:
>
> http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-03

Thanks for this document, it is useful.

Did you consider discussing name check rules for OpenPGP based
certificate validation as well? That is currently an underspecified
area, and GnuTLS had to just pick one reasonable algorithm here.

If this is not in scope, I think it would help to clarify the scope of
your document if the term 'X.509' was mentioned in the abstract and in
section '1.2 Scope'.

/Simon