IETF Logo Mail Archive

Re: [certid] DC should be MUST NOT

Peter Sylvester <peter.sylvester@edelweb.fr> Wed, 30 June 2010 15:58 UTC

Return-Path: <peter.sylvester@edelweb.fr>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 45CD33A6A15 for <certid@core3.amsl.com>; Wed, 30 Jun 2010 08:58:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.588
X-Spam-Level:
X-Spam-Status: No, score=-1.588 tagged_above=-999 required=5 tests=[AWL=1.011, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q7rA3Dutjg5j for <certid@core3.amsl.com>; Wed, 30 Jun 2010 08:58:19 -0700 (PDT)
Received: from ganymede.on-x.com (ganymede.on-x.com [92.103.215.11]) by core3.amsl.com (Postfix) with ESMTP id 418513A699F for <certid@ietf.org>; Wed, 30 Jun 2010 08:58:19 -0700 (PDT)
Received: from varuna.puteaux.on-x (varuna.puteaux.on-x [192.168.10.6]) by ganymede.on-x.com (Postfix) with ESMTP id 8BFF4138 for <certid@ietf.org>; Wed, 30 Jun 2010 17:58:29 +0200 (CEST)
Received: from smtps.on-x.com (mintaka.puteaux.on-x [192.168.14.11]) by varuna.puteaux.on-x (Postfix) with ESMTP id 8127817048 for <certid@ietf.org>; Wed, 30 Jun 2010 17:58:29 +0200 (CEST)
Received: from [192.168.0.10] (gut75-3-82-227-163-182.fbx.proxad.net [82.227.163.182]) by smtps.on-x.com (Postfix) with ESMTP id 61B7E782B for <certid@ietf.org>; Wed, 30 Jun 2010 17:58:29 +0200 (CEST)
Message-ID: <4C2B69A1.5040505@edelweb.fr>
Date: Wed, 30 Jun 2010 17:58:25 +0200
From: Peter Sylvester <peter.sylvester@edelweb.fr>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
MIME-Version: 1.0
To: certid@ietf.org
References: <4C2A7062.2070207@stpeter.im> <201006301319.o5UDJZQj029339@fs4113.wdf.sap.corp> <02f001cb1860$d1b4b880$751e2980$@osu.edu> <p0624081bc8510e45cddc@[10.20.30.158]>
In-Reply-To: <p0624081bc8510e45cddc@[10.20.30.158]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [certid] DC should be MUST NOT
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2010 15:58:20 -0000

On 06/30/2010 05:08 PM, Paul Hoffman wrote:
> At 10:30 AM -0400 6/30/10, Scott Cantor wrote:
>    
>>> I would really appreciate a "MUST not use DC-ID for server endpoint
>>> identification", which also happens to be the current practice and
>>> what had previously been specified.  rfc-2818 doesn't mention DC= at all.
>>>        
>> +1
>>
>> The last thing we need is *another* way to do what existing methods already
>> address.
>>      
> Another +1
>    
+1,  RFC 5280 already "warns"  about that.

    In addition, implementations of this specification MUST be prepared
    to receive the domainComponent attribute, as defined in [RFC4519].
    The Domain Name System (DNS) provides a hierarchical resource
    labeling system.  This attribute provides a convenient mechanism for
    organizations that wish to use DNs that parallel their DNS names.

    This is not a replacement for the dNSName component of the
    alternative name extensions.  Implementations are not required to
    convert such names into DNS names.

v2.8.7 | Report a Bug | By Email