Re: [certid] Comments on draft-saintandre-tls-server-id-check-03

Love Hörnquist Åstrand <lha@apple.com> Thu, 13 May 2010 00:39 UTC

On 12 May 2010, at 16:23, =JeffH wrote:

> ..which is ambiguous because X.501 does not explicitly state which RDN in the DN sequence is the most specific (it's implied) and there allegedly exist non-trivial slices of current practice that don't necessarily follow that stipulation anyway (for whatever reasons).

RFC 5280 claims that DNs are hierarchical, and it makes sense when you apply name constraints on the subject DN (permitted/excluded subtree).

Love
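
An added illustration of the point above, not code from the poster or from the draft: directoryName name constraints (RFC 5280, section 4.2.1.10) match a subtree base as a prefix of the subject's RDN sequence, which only works if the encoded order runs root first and leaf last. The names and the helpers `rdn`, `in_subtree`, `name_allowed`, `most_specific` and `to_rfc4514_order` are hypothetical, and value comparison is simplified.

```python
# Added illustration: directoryName name-constraint matching (RFC 5280, 4.2.1.10).
# A DN is modelled as a list of RDNs in certificate encoding order (root first);
# each RDN is a set of (attribute type, value) pairs.

def rdn(*pairs):
    # Simplified value comparison: case-fold and collapse whitespace.
    # RFC 5280 section 7.1 defines the full comparison rules.
    return frozenset((t.upper(), " ".join(v.split()).casefold()) for t, v in pairs)

def in_subtree(dn, base):
    """True if `base` is a prefix of `dn`, i.e. dn lies in the subtree rooted at base."""
    return len(dn) >= len(base) and all(a == b for a, b in zip(dn, base))

def name_allowed(dn, permitted, excluded):
    """Apply permitted/excluded directoryName subtrees to a subject DN."""
    if any(in_subtree(dn, base) for base in excluded):
        return False              # an excluded match always wins
    # With no permitted directoryName subtrees, the form is unrestricted.
    return not permitted or any(in_subtree(dn, base) for base in permitted)

def most_specific(dn):
    """Under the hierarchical reading, the last encoded RDN is the leaf."""
    return dn[-1]

def to_rfc4514_order(dn):
    """RFC 4514 strings list the last RDN first; reverse to get display order."""
    return list(reversed(dn))

# Constructed sample names (hypothetical organisation).
C_SE = rdn(("C", "SE"))
O_EX = rdn(("O", "Example AB"))
OU_ENG = rdn(("OU", "Engineering"))
OU_LAB = rdn(("OU", "Lab"))
CN_WWW = rdn(("CN", "www.example.com"))

PERMITTED = [[C_SE, O_EX]]
EXCLUDED = [[C_SE, O_EX, OU_LAB]]

SUBJECT = [C_SE, O_EX, OU_ENG, CN_WWW]
LAB_SUBJECT = [C_SE, O_EX, OU_LAB, CN_WWW]
# Same RDNs with the order flipped (leaf first): no longer under the permitted base.
FLIPPED = list(reversed(SUBJECT))
```

A certificate whose subject is encoded leaf first fails the permitted-subtree check even though it carries the same RDNs, which is why the ordering question matters to a verifier that picks the "most specific" RDN.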