Re: [certid] open issue: iPAddress

Michael Ströder <michael@stroeder.com> Mon, 19 April 2010 08:37 UTC

Message-ID: <4BCBEF46.5030306@stroeder.com>
Date: Mon, 19 Apr 2010 07:51:02 +0200
To: certid@ietf.org
References: <201003231544.05651.ludwig.nussel@suse.de> <4BB3C21E.90502@stpeter.im> <201004091443.52205.ludwig.nussel@suse.de> <4BBF5868.2070202@stpeter.im>
In-Reply-To: <4BBF5868.2070202@stpeter.im>

Peter Saint-Andre wrote:
> I'd like more feedback on this issue. I'm open to adding text about
> iPAddress because Ludwig is probably right that certificates (e.g.,
> certs issued by private CAs) sometimes include iPAddress, but on the
> other hand I've never seen a public CA do that.

I would not distinguish between whether certs are issued by a "public" or
"private" CA at all because the distinction is somewhat blurry and it won't
help deciding on whether to add something to the draft or not.

Personally I'd like to see guidance about iPAddress and the order of checking
iPAddress and dNSName (or CN) in the document.

Ciao, Michael.