IETF Logo Mail Archive

Re: [certid] weird CN-IDs (subjectCommonName) in SSL Labs Survey Data

=JeffH <Jeff.Hodges@KingsMountain.com> Tue, 19 October 2010 17:22 UTC

Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B77D3A68C2 for <certid@core3.amsl.com>; Tue, 19 Oct 2010 10:22:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.114
X-Spam-Level:
X-Spam-Status: No, score=-102.114 tagged_above=-999 required=5 tests=[AWL=0.151, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u29OWP+4kSJf for <certid@core3.amsl.com>; Tue, 19 Oct 2010 10:22:54 -0700 (PDT)
Received: from cpoproxy2-pub.bluehost.com (cpoproxy2-pub.bluehost.com [67.222.39.38]) by core3.amsl.com (Postfix) with SMTP id 8CA333A68C0 for <certid@ietf.org>; Tue, 19 Oct 2010 10:22:54 -0700 (PDT)
Received: (qmail 13850 invoked by uid 0); 19 Oct 2010 17:24:25 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by cpoproxy2.bluehost.com with SMTP; 19 Oct 2010 17:24:25 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User; b=ACaf/3Ea3zLYWEm2xLmEJmRRnsFcKNUvpbmNvajhGau1ofzsvRFuHISy91UpeXy7frKDcynINAPpL/aXFwWQMNWkiVwJC0HfINuZkZ2dh+29GD/NuFWruavYNuPTXydW;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.136.179]) by box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Jeff.Hodges@KingsMountain.com>) id 1P8FvF-00012M-Ie; Tue, 19 Oct 2010 11:24:25 -0600
Message-ID: <4CBDD448.1060004@KingsMountain.com>
Date: Tue, 19 Oct 2010 10:24:24 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: IETF cert-based identity <certid@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com} {sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [certid] weird CN-IDs (subjectCommonName) in SSL Labs Survey Data
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2010 17:22:56 -0000

a further note on the regex..

   /[Cc][Nn]=(?!([\-\w\*]+\.)+[\-\w]+)/

regex aficionados will note that there are subtle issues with the regex -- e.g. 
"([\-\w\*]+\.)+[\-\w]+)" -- the latter component doesn't /precisely/ describe 
DNS LDH domain name syntax. for instance, \w matches underscore, and thus the 
regex matches labels with underscore appearing anywhere in them, but (current) 
DNS LDH domain name syntax allows for underscore in only the first char 
position of a label. The regex also doesn't check for other first-char-of-label 
restrictions, and also matches wildcards anywhere in labels (which is a 
subtlety we've been debating).

However, I feel that for my present back-of-the-envelope quick looksee in the 
subject name data, that thar regex above is Good Enough.

Of course if others want to be more precise, go for it.

=JeffH

v2.8.7 | Report a Bug | By Email