Re: [certid] version -07
=JeffH <Jeff.Hodges@KingsMountain.com> Sat, 03 July 2010 05:46 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 730563A657C for <certid@core3.amsl.com>;
Fri, 2 Jul 2010 22:46:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.248
X-Spam-Level:
X-Spam-Status: No, score=0.248 tagged_above=-999 required=5 tests=[AWL=-0.087,
BAYES_50=0.001, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id znicpy1x4s5N for
<certid@core3.amsl.com>; Fri, 2 Jul 2010 22:46:24 -0700 (PDT)
Received: from cpoproxy1-pub.bluehost.com (cpoproxy1-pub.bluehost.com
[69.89.21.11]) by core3.amsl.com (Postfix) with SMTP id A5A3D3A67B3 for
<certid@ietf.org>; Fri, 2 Jul 2010 22:46:23 -0700 (PDT)
Received: (qmail 15088 invoked by uid 0); 3 Jul 2010 05:46:35 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by
cpoproxy1.bluehost.com with SMTP; 3 Jul 2010 05:46:35 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com;
h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User;
b=Fr0lPRM7DfqqNuCWiAJvB4MCNmfvVnZUz3Z0kPRbcNx9a2fcIHJRjJOpNANbpItiuN+j16hwbdld4Wy8zfT5KQQR8GIwYYvgXzfLcxWnSs4epZeiBti4Zm7v5hfUIrFy;
Received: from c-24-4-122-173.hsd1.ca.comcast.net ([24.4.122.173]
helo=[192.168.11.10]) by box514.bluehost.com with esmtpsa
(TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from
<Jeff.Hodges@KingsMountain.com>) id 1OUvYh-00025P-BP for certid@ietf.org;
Fri, 02 Jul 2010 23:46:35 -0600
Message-ID: <4C2ECEB6.7080209@KingsMountain.com>
Date: Fri, 02 Jul 2010 22:46:30 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: IETF cert-based identity <certid@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com}
{sentby:smtp auth 24.4.122.173 authed with jeff.hodges+kingsmountain.com}
Subject: Re: [certid] version -07
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jul 2010 05:46:27 -0000
As PaulH said ... finally decloaking after being off this topic for a while.
Apologies for latency.
Peter, thanks for updating the draft!
All -- good discussion on the list, thanks for all the thoughtful contributions
-- the spec is much better for it.
Yes, I have various bits of feedback on -07, some described below. this is
without a careful review though, and is driven by reading through the recent
threads on certid@ and checking -07 for how the issues were addressed. I concur
with the decisions taken. It seems that all raised issues were nominally
addressed in -07, so the below are (subtle-but-important) nits.
=JeffH
------
[ the below items aren't necessarily difficult to clean up, I'm just noting
them for the record for now ]
* It seems to me coming to this new revision of the spec somewhat "fresh", that
the concepts being addressed could build more cleanly from (especially) section
1.1 (intro/motivation), section 2 Names, and section 3 Representation of Server
Identity. I can take a whack at making concrete suggestions by early/mid this
next week.
* need to explicitly define (at least) the below terms/phrases in section 1.3
if we are going to use them..
attribute-type-and-value pair
DER encoding
Internet application ..or.. application service ..or.. ?
service provider
subjectAltName (this term is used in section 1.3 but isn't itself defined
until seciton 2.2)
* I think we need to review the terms/phrases we use to reference cert
components and aspects thereof. I think we're being inconsistent and at times
ambiguous (need to do careful review). unfortunately other specs we depend on
use non-congruent terminology it seems.
E.g. in just sections 2.2 and 3 we use these various terms/phrases wrt
"subjectAltName"...
subjectAltName extension
subjectAltName extension types
subjectAltNames
subjectAltName entry
SubjectAltName field
subjectAltName identifier
subjectAltName identifier types
subjectAltName identifier of type
[the GeneralName structure in] the subjectAltName
..and then including the rest of the spec we also use (in addition to the above)..
application-specific subjectAltName extensions
subjectAltName extension of type
subjectAltName extensions of type
Obviously various of the above terms/phrases are redundant and we ought to
clean this up.
---
end
- [certid] version -07 Peter Saint-Andre
- Re: [certid] version -07 Peter Saint-Andre
- Re: [certid] version -07 Shumon Huque
- Re: [certid] version -07 =JeffH
- Re: [certid] version -07 Kaspar Brand
- Re: [certid] version -07 Peter Saint-Andre
- Re: [certid] version -07 Peter Saint-Andre