Re: [certid] Please explicitly disallow unvetted info in subject
Martin Rex <mrex@sap.com> Thu, 10 June 2010 17:45 UTC
Nelson B Bolyard wrote:
>
> > CAs vouch and are liable for every single bit in the ToBeSigned part
> > of a certificate, no matter what stupid things they claim in any weird
> > and ineffective "certificate practice statement" (CPS).
>
> I think you'll find that lots of lawyers disagree. To the contrary, they
> would claim that the expectation that CAs do anything other than what their
> CPSes say is the stupid part. In most jurisdictions, there's no law that
> says what CAs must do, so CAs are bound by contract, and the contracts all
> cite the CPSes.

It is the CAs who asked the browser vendors to ship their certs
preconfigured as trusted!

How many "certificate practice statements" (CPS) have you had to
click through before your browser allowed you to establish
a TLS-protected communication?

For every user, where the count is "none", there is _no_ CPS in effect.

-Martin