IETF Logo Mail Archive

Re: [certid] Review of draft-saintandre-tls-server-id-check

"Bernard Aboba" <bernard_aboba@hotmail.com> Wed, 08 September 2010 22:29 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7052E3A6991; Wed, 8 Sep 2010 15:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.736
X-Spam-Level:
X-Spam-Status: No, score=-101.736 tagged_above=-999 required=5 tests=[AWL=0.863, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yin-jEbLrDqL; Wed, 8 Sep 2010 15:29:05 -0700 (PDT)
Received: from blu0-omc2-s20.blu0.hotmail.com (blu0-omc2-s20.blu0.hotmail.com [65.55.111.95]) by core3.amsl.com (Postfix) with ESMTP id 74FE83A682E; Wed, 8 Sep 2010 15:29:05 -0700 (PDT)
Received: from BLU137-DS12 ([65.55.111.73]) by blu0-omc2-s20.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 8 Sep 2010 15:29:33 -0700
X-Originating-IP: [131.107.0.117]
X-Originating-Email: [bernard_aboba@hotmail.com]
Message-ID: <BLU137-DS1284A1A426BD21260B97DD93720@phx.gbl>
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
To: "'Peter Saint-Andre'" <stpeter@stpeter.im>, "'t.petch'" <daedulus@btconnect.com>
References: <BLU137-W32189ED2D1B0FDFCBF639F93840@phx.gbl>, <00c301cb4dcc$f7be44a0$4001a8c0@gateway.2wire.net> <BLU137-W154CAC092887C97B8F0B6493700@phx.gbl> <00b701cb4f2d$a1c29e40$4001a8c0@gateway.2wire.net> <4C8809D4.9010603@stpeter.im>
In-Reply-To: <4C8809D4.9010603@stpeter.im>
Date: Wed, 8 Sep 2010 15:29:31 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQENyKL5Lgta0fr6nt5F+jUK6VKoNgLYVKvYAiLGiAcCHKynaQJkDbg/lDfaXrA=
Content-Language: en-us
X-OriginalArrivalTime: 08 Sep 2010 22:29:33.0376 (UTC) FILETIME=[4F982400:01CB4FA5]
X-Mailman-Approved-At: Wed, 08 Sep 2010 18:10:59 -0700
Cc: 'IETF cert-based identity' <certid@ietf.org>, ietf@ietf.org
Subject: Re: [certid] Review of draft-saintandre-tls-server-id-check
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Sep 2010 22:29:07 -0000

Peter said:

"Aha, I see the source of confusion. I think the first sentence of Section 5.1 is better written as follows:

   When the connecting application is an interactive client,
   construction of the reference identifier SHOULD be based on the
   source domain and service type provided by a human user (e.g. when
   specifying the server portion of the user's account name on the
   server or when explicitly configuring the client to connect to a
   particular host or URI as in [SIP-LOC]) and SHOULD NOT be based on a
   target domain derived from the user inputs in an automated fashion
   (e.g., a host name or domain name discovered through DNS resolution
   of the source domain).

We want to make sure that the reference identifier is based on the source (user-provided) domain, not the target (automatically-derived) domain, except perhaps in several well-defined and carefully-limited scenarios.

Peter"

[BA] IMHO, this text is much clearer.  Thanks!

--
Peter Saint-Andre
https://stpeter.im/

v2.8.7 | Report a Bug | By Email