Re: [certid] Comments on draft-saintandre-tls-server-id-check-04
Peter Sylvester <peter.sylvester@edelweb.fr> Sat, 29 May 2010 17:47 UTC
Some more details.
In 1.1:
There is the possibility to indicate several identities:
"Only a match between the client's reference identity and the server's
presented identity enables the client to be sure that the certificate
can legitimately be used to secure the connection."
==>
"In general, a match between the client's reference identity and one of the server's
presented identities is required to enable the client to be sure that the certificate
can legitimately be used to authenticate the connection."
(see: "The application server is identified by a name or names carried in
the subject field and/or the subjectAltName extension of the
certificate.")
"The Internet Public Key Infrastructure" sounds ambiguous quite right to me.
- The only thing of a PKI in question that is ever transmitted
and visible in the Internet might be the server's certificate.
- There is no "Internet PKI" (like the DNS).
"in the context of the Internet Public Key Infrastructure using X.509"
==>
"in the context of a Public Key Infrastructure using X.509".
Likewise, during TLS negotiation the server presents
its conception of the server's identity
Application protocols have traditionally specified their own rules
for representing and verifying server identities.
I suggest replacing "represent" by "present". (The word represent seems
to be used interchangeably with present in the current text). I'd prefer
even 'indicate' instead.
/PS
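The point made above about 1.1, that the client needs a match against one of the server's presented identities (names carried in the subject field and/or the subjectAltName extension), as an added example that is not part of the message or the draft. The certificate is a constructed record standing in for parsed X.509 fields, and the rule that subject CN is only consulted when no dNSName SAN entries exist is an assumed policy, not something the message states.

```python
"""Match a client's reference identity against a server certificate's
presented identities (added example; constructed data, not real X.509 parsing)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PresentedCert:
    # Common Name value(s) from the subject field, in certificate order
    subject_cn: List[str] = field(default_factory=list)
    # dNSName entries from the subjectAltName extension
    san_dns: List[str] = field(default_factory=list)


def presented_identities(cert: PresentedCert) -> List[str]:
    """Collect the identities the server presents.

    Assumed policy: when the certificate carries any dNSName SAN entries,
    only those count; the subject CN is a fallback for certificates that
    have no SAN of that type."""
    if cert.san_dns:
        return list(cert.san_dns)
    return list(cert.subject_cn)


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is not significant
    return name.rstrip(".").lower()


def match_reference_identity(reference: str, cert: PresentedCert) -> Optional[str]:
    """Return the presented identity that matches `reference`, or None.

    A single match against any one presented identity is enough; the
    client does not need every presented name to equal the reference."""
    ref = _normalize(reference)
    if not ref:
        return None
    for presented in presented_identities(cert):
        if _normalize(presented) == ref:
            return presented
    return None


if __name__ == "__main__":
    cert = PresentedCert(subject_cn=["example.com"],
                         san_dns=["www.example.com", "mail.example.com"])
    print(match_reference_identity("mail.example.com", cert))  # mail.example.com
    print(match_reference_identity("example.com", cert))       # None: CN not consulted
```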