Re: [core] #255: Authority Name issues with SNI and X.509 certificate

Carsten Bormann <cabo@tzi.org> Fri, 07 December 2012 11:32 UTC

On Dec 7, 2012, at 12:11, Zach Shelby <zach@sensinode.com> wrote:

> We will still need to do more editorial work on that section.

Indeed.  I wonder whether we should be doing what I wrote in the commit comment:
Extract the cert-based section and develop it on a separate axis.  
It will be more unstable than the base document until we have found all the right places to connect to and caused any necessary updates.

To Thomas' question: If you need to fit it into DNS, one way to put an EUI-64 into a DNS context is to do, say, a base32 encode of the identifier and use it as a DNS label.
In a DNS-based system, it's up to the provisioning mechanisms to come up with these names, so there may not even be a need to standardize such a mapping.
For more general applications, draft-farrell-decade-ni is a good source of (URI-based) names (too bad that it will be stuck in the RFC editor queue for another year or so).

It is the lack of clarity about the range of provisioning mechanisms that causes us most of the trouble here.
Reminds me that I still have a SOLACE draft to write...

Grüße, Carsten
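
The base32 mapping suggested in the message above, as an added example that is not part of the original message or of any CoRE draft. The function names, the sample EUI-64, and the choices to drop the `=` padding, lowercase the label and reject non-canonical labels are assumptions of this example.

```python
import base64
import binascii
import re

# Constructed sample identifier, not taken from the original message.
SAMPLE_EUI64 = "00-12-4B-00-01-02-03-04"

def parse_eui64(text):
    """Accept bare hex or hex separated by '-', ':' or '.'; return 8 bytes."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", digits):
        raise ValueError("an EUI-64 is exactly 16 hex digits")
    return bytes.fromhex(digits)

def eui64_to_label(eui):
    """Base32-encode 8 bytes into a 13-character lowercase DNS label."""
    if len(eui) != 8:
        raise ValueError("an EUI-64 is exactly 8 bytes")
    # 8 bytes encode to 13 symbols plus '===' padding; '=' is not
    # allowed in a host name label, so the padding is dropped.
    return base64.b32encode(eui).decode("ascii").rstrip("=").lower()

def label_to_eui64(label):
    """Inverse mapping; case is ignored, as DNS name comparison ignores it."""
    if len(label) != 13:
        raise ValueError("expected a 13-character label")
    try:
        eui = base64.b32decode(label.upper() + "===")
    except binascii.Error as exc:
        raise ValueError("label is not base32") from exc
    # 13 symbols carry 65 bits. Reject a label whose spare bit is set,
    # so that each identifier corresponds to exactly one name.
    if eui64_to_label(eui) != label.lower():
        raise ValueError("non-canonical base32 label")
    return eui
```

The canonical-form check matters when the label is compared against a name in a certificate: without it, two different labels would decode to the same EUI-64.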