Re: [certid] DC should be MUST NOT
Peter Saint-Andre <stpeter@stpeter.im> Wed, 30 June 2010 14:53 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 394993A685C for <certid@core3.amsl.com>;
Wed, 30 Jun 2010 07:53:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.339
X-Spam-Level:
X-Spam-Status: No, score=-2.339 tagged_above=-999 required=5 tests=[AWL=0.260,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sG+vJTldzPFd for
<certid@core3.amsl.com>; Wed, 30 Jun 2010 07:53:27 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com
(Postfix) with ESMTP id 539783A65A5 for <certid@ietf.org>;
Wed, 30 Jun 2010 07:53:27 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129])
(Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id
31D0540E57; Wed, 30 Jun 2010 08:53:37 -0600 (MDT)
Message-ID: <4C2B5A6F.6000107@stpeter.im>
Date: Wed, 30 Jun 2010 08:53:35 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Scott Cantor <cantor.2@osu.edu>
References: <4C2A7062.2070207@stpeter.im>
<201006301319.o5UDJZQj029339@fs4113.wdf.sap.corp>
<02f001cb1860$d1b4b880$751e2980$@osu.edu>
In-Reply-To: <02f001cb1860$d1b4b880$751e2980$@osu.edu>
X-Enigmail-Version: 1.0.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms020600070206010307070907"
Cc: certid@ietf.org
Subject: Re: [certid] DC should be MUST NOT
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2010 14:53:28 -0000
On 6/30/10 8:30 AM, Scott Cantor wrote: >> I would really appreciate a "MUST not use DC-ID for server endpoint >> identification", which also happens to be the current practice and >> what had previously been specified. rfc-2818 doesn't mention DC= at all. > > +1 > > The last thing we need is *another* way to do what existing methods already > address. That seems to be the consensus here, and I concur. IMHO we don't even necessarily need to say anything about why we're prohibiting DC=, given that we're working to document best current practices and there's not even a current practice (let alone a best one) to use DC=. Peter -- Peter Saint-Andre https://stpeter.im/
- [certid] DC should be MUST NOT Paul Hoffman
- Re: [certid] DC should be MUST NOT Bruno Harbulot
- Re: [certid] DC should be MUST NOT Peter Saint-Andre
- Re: [certid] DC should be MUST NOT Martin Rex
- Re: [certid] DC should be MUST NOT Scott Cantor
- Re: [certid] DC should be MUST NOT Peter Saint-Andre
- Re: [certid] DC should be MUST NOT Paul Hoffman
- Re: [certid] DC should be MUST NOT Martin Rex
- Re: [certid] DC should be MUST NOT Peter Sylvester
- Re: [certid] DC should be MUST NOT =JeffH