IETF Logo Mail Archive

Re: [certid] version -11

Peter Saint-Andre <stpeter@stpeter.im> Mon, 29 November 2010 23:23 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D2C113A6BCF for <certid@core3.amsl.com>; Mon, 29 Nov 2010 15:23:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.449
X-Spam-Level:
X-Spam-Status: No, score=-102.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j5+EI59W7TXI for <certid@core3.amsl.com>; Mon, 29 Nov 2010 15:23:02 -0800 (PST)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id ACC553A6BCD for <certid@ietf.org>; Mon, 29 Nov 2010 15:23:01 -0800 (PST)
Received: from dhcp-64-101-72-234.cisco.com (dhcp-64-101-72-234.cisco.com [64.101.72.234]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id 3295D4009B; Mon, 29 Nov 2010 16:35:16 -0700 (MST)
Message-ID: <4CF4361A.8010802@stpeter.im>
Date: Mon, 29 Nov 2010 16:24:10 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <4CF0ABD4.3030300@KingsMountain.com> <p06240802c916d999b48f@[10.20.30.249]>
In-Reply-To: <p06240802c916d999b48f@[10.20.30.249]>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms070904070702040908040509"
Cc: IETF cert-based identity <certid@ietf.org>, =JeffH <Jeff.Hodges@KingsMountain.com>
Subject: Re: [certid] version -11
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2010 23:23:06 -0000

On 11/27/10 8:52 AM, Paul Hoffman wrote:
> At 10:57 PM -0800 11/26/10, =JeffH wrote:
>> Thanks for the prompt review :)
>>
>>> - The sentence that was added to 2.3 beginning with "However..." needs clarification.
>>> Current:
>>>    However, the Common Name might contain a human-readable string for
>>>    the service, rather than a string whose form matches that of a fully-
>>>    qualified DNS domain name:
>>>
>>> Proposed:
>>>    However, the Common Name might contain a human-readable string for
>>>    the service, rather than a string whose form matches that of a fully-
>>>    qualified DNS domain name, and a certificate with such a Common Name
>>>    SHOULD have a subjectAltName that contains the fully-qualified domain
>>>    name:
>>
>> Nominally agree.
>>
>> Those sections (2.*) are effectively a non-normative, so perhaps the "SHOULD" ought to be "will typically".
> 
> Ah, I had missed that. "will typically" works for me.

In our working copy I now have:

   However, the Common Name might contain a human-readable string for
   the service, rather than a string whose form matches that of a fully-
   qualified DNS domain name (a certificate with such a Common Name will
   typically have at least one subjectAltName entry that contains the
   fully-qualified domain name):

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

v2.8.7 | Report a Bug | By Email