Re: [certid] Bad certificate handling
=JeffH <Jeff.Hodges@KingsMountain.com> Mon, 27 September 2010 23:22 UTC
Return-Path: <Jeff.Hodges@KingsMountain.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 0EEB43A6B7E for <certid@core3.amsl.com>;
Mon, 27 Sep 2010 16:22:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.133
X-Spam-Level:
X-Spam-Status: No, score=-102.133 tagged_above=-999 required=5 tests=[AWL=0.132,
BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b86xbOmgGxqr for
<certid@core3.amsl.com>; Mon, 27 Sep 2010 16:22:23 -0700 (PDT)
Received: from cpoproxy2-pub.bluehost.com (cpoproxy2-pub.bluehost.com
[67.222.39.38]) by core3.amsl.com (Postfix) with SMTP id 14B0B3A6A40 for
<certid@ietf.org>; Mon, 27 Sep 2010 16:22:22 -0700 (PDT)
Received: (qmail 23246 invoked by uid 0); 27 Sep 2010 23:23:02 -0000
Received: from unknown (HELO box514.bluehost.com) (74.220.219.114) by
cpoproxy2.bluehost.com with SMTP; 27 Sep 2010 23:23:02 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kingsmountain.com;
h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:Content-Type:Content-Transfer-Encoding:X-Identified-User;
b=HqC+kII1KptWou0BgI+cscLDPPGO4D3ojpg0RN337LFmiYSE4PqHWi6CH/fprmzTQLIsJ4kOLuKGAbRF9dxJVpJ+bUmW1FIBckGgdLlvrLiH1hvfOixWW1StyaESlhpb;
Received: from outbound4.ebay.com ([216.113.168.128] helo=[10.244.49.202]) by
box514.bluehost.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69)
(envelope-from <Jeff.Hodges@KingsMountain.com>) id 1P0N2E-0005pm-EO;
Mon, 27 Sep 2010 17:23:02 -0600
Message-ID: <4CA12756.6070301@KingsMountain.com>
Date: Mon, 27 Sep 2010 16:23:02 -0700
From: =JeffH <Jeff.Hodges@KingsMountain.com>
User-Agent: Thunderbird 2.0.0.24 (X11/20100411)
MIME-Version: 1.0
To: Matt McCutchen <matt@mattmccutchen.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Identified-User: {11025:box514.bluehost.com:kingsmou:kingsmountain.com}
{sentby:smtp auth 216.113.168.128 authed with jeff.hodges+kingsmountain.com}
Cc: IETF cert-based identity <certid@ietf.org>
Subject: Re: [certid] Bad certificate handling
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Sep 2010 23:22:24 -0000
Matt replied.. > > On Fri, 2010-09-24 at 16:01 -0700, =JeffH wrote: >> > > Given all this, I suggest we change the last part of the last sentence of >> > > the "Security Note" quoted above to something like.. >> > > >> > > ..., by forcing the user to view the entire certification path >> > > and only then allowing the user to choose whether to accept the >> > > certificate on a temporary or permanent basis. See [WSC-UI] for >> > > further guidance. >> > > >> > > ..and leave it at that in -tls-server-id-check. We should also consider >> > > making [WSC-UI] a normative reference now that it is at Recommendation >> > > maturity level. >> > >> > OK. I suggest s/to choose whether //; the point is that the user >> > accepts the certificate. >> >> I tend to think we ought to at least mention the notion that the cert can be >> accepted either temporarily or permanently. > > And that remains after my proposed edit. If you want to emphasize that > it's the user's choice, try this: > > "...and only then allowing the user to accept the certificate on a > temporary or permanent basis, at his/her option." > > The problem with the current text is that its negation could be that > someone else does the choosing, when it should be that the certificate > is not accepted. ah, ok, thx, I'd misunderstood your proposed edit, thx for clarification. =JeffH
- Re: [certid] Bad certificate handling =JeffH
- Re: [certid] Bad certificate handling Matt McCutchen
- Re: [certid] Bad certificate handling =JeffH
- Re: [certid] Bad certificate handling Martin Rex
- Re: [certid] Bad certificate handling Matt McCutchen
- Re: [certid] Bad certificate handling Matt McCutchen
- Re: [certid] Bad certificate handling Jeffrey A. Williams
- Re: [certid] Bad certificate handling Martin Rex
- Re: [certid] Bad certificate handling ArkanoiD
- Re: [certid] Bad certificate handling =JeffH
- Re: [certid] Bad certificate handling Peter Saint-Andre