Re: [certid] Domain Components

Michael Ströder <michael@stroeder.com> Mon, 21 June 2010 17:52 UTC

Paul Hoffman wrote:
> At 4:42 PM +0200 6/19/10, Michael Ströder wrote:
>> Alexey Melnikov wrote:
>>> Paul Hoffman wrote:
>>>> No, I'm saying that the order in which you are supposed to take the
>>>> DCs has historically been unclear. "Most significant" means different
>>>> things to different people.
>>>>
>>> I probably sound like a broken record, but the order is very clear for
>>> LDAP. I don't see why this is going to be different for X.509 certificates.
>>
>> Yes, I concur RFC 2247 is pretty clear and is meant to be applied to X.500
>> names as well.
> 
> ...and you think that all (or even typical) PKIX implementers read either
> of those documents?

Some of them do.

If you dig in mailing list archives you will find that I know enough about
deficiencies of real-world software. And I tracked down quite a few bugs in
software of "major" PKI vendors, some of them related to DN (string) handling.

But what does that tell us? To give up writing or referencing RFCs?

Ciao, Michael.
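
Added example, not part of the original message or of any implementation discussed in the thread: the DC ordering under debate, worked through in Python. It assumes single-valued RDNs and relies on RFC 4514, which writes the string form of a DN starting from the last RDN of the encoded RDNSequence. All function names and sample DNs are constructed for illustration.

```python
# Added illustration; sample DNs below are constructed.
DC_TYPES = {"dc", "0.9.2342.19200300.100.1.25"}  # domainComponent name and OID

def split_rdns(dn):
    """Split an RFC 4514 string DN on unescaped commas, keeping string order."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char: copy both, never split
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    if cur.strip():
        parts.append(cur.strip())
    return parts

def dc_labels(rdns):
    """DC values from 'type=value' RDNs (assumed single-valued), in list order."""
    labels = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() in DC_TYPES:
            labels.append(value.strip().lower())
    return labels

def domain_from_ldap_string(dn):
    # String form starts with the LAST RDN of the RDNSequence, so the DC values
    # already read like the DNS name (RFC 2247: DC=example,DC=com -> example.com).
    return ".".join(dc_labels(split_rdns(dn)))

def domain_from_rdn_sequence(rdns):
    # Encoded X.509 Name order starts at the root (DC=com first), so reverse it.
    return ".".join(reversed(dc_labels(rdns)))

def naive_from_rdn_sequence(rdns):
    # The mistake: treating encoded order as if it were LDAP string order.
    return ".".join(dc_labels(rdns))

if __name__ == "__main__":
    ldap_dn = r"CN=Doe\, Jane,DC=example,DC=com"          # constructed
    encoded = ["DC=com", "DC=example", r"CN=Doe\, Jane"]  # same name, encoded order
    print(domain_from_ldap_string(ldap_dn))
    print(domain_from_rdn_sequence(encoded))
    print(naive_from_rdn_sequence(encoded))
```

A verifier that compares the derived domain against an expected host name should normalise from one known ordering; the naive variant is kept only to show the reversed result.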