Re: Authority name (was: [Crisp] I-D ACTION:draft-ietf-crisp-iris-xpc-04.txt)

Andrew Newton <andy@hxr.us> Tue, 25 July 2006 13:03 UTC


On Jul 25, 2006, at 7:39 AM, Robert Martin-Legene wrote:

> And why is it there anyway?
>
> Clues?

Its purpose is to signal the server about which registry it intends
to address the query.  And the client knows it based on the query.   
For example, if the client is looking up domain name example.dk at  
the dk registry, the authority is dk since the query is the intended  
target of the dk registry.

What the server does with the information is up to the server.  For a  
server serving only one registry, it might very well ignore this  
information.

There is one more aspect to a client knowing its target authority,  
and that has to do with server authentication and TLS.  If the server  
knows it is supposed to be connecting to dk but gets back a  
certificate for sitefinder.com, then it can pretty well assume that  
something went wrong even if the certificate is valid.  And this type  
of check is not done for you by the TLS stack.

-andy


_______________________________________________
Crisp mailing list
Crisp@ietf.org
https://www1.ietf.org/mailman/listinfo/crisp
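
The certificate-versus-authority check described in the message above, as an added example that is not part of the original e-mail or of the IRIS drafts. The matching policy (a certificate DNS name must equal the authority or be a subdomain of it) and all function names are assumptions; the sample certificates are constructed.

```python
# Added illustration: application-level check that a TLS-validated certificate
# belongs to the authority the client meant to query.
# Assumption (not from the thread): a certificate is "for" an authority when one
# of its DNS names equals the authority or is a subdomain of it.

def _normalize(name):
    """Lower-case a DNS name, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name


def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output.

    Prefers subjectAltName; falls back to subject commonName if no SAN DNS entry.
    """
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return [_normalize(n) for n in names]


def within_authority(name, authority):
    """True if name equals authority or sits below it on a label boundary."""
    name, authority = _normalize(name), _normalize(authority)
    return bool(authority) and (name == authority or name.endswith("." + authority))


def cert_matches_authority(cert, authority):
    """Run after the TLS handshake has already validated chain and hostname."""
    return any(within_authority(n, authority) for n in cert_dns_names(cert))


# Constructed sample certificates (getpeercert()-style dicts), not real data.
CERT_DK = {"subject": ((("commonName", "iris.example.dk"),),),
           "subjectAltName": (("DNS", "iris.example.dk"), ("DNS", "*.example.dk"))}
CERT_OTHER = {"subject": ((("commonName", "sitefinder.com"),),),
              "subjectAltName": (("DNS", "sitefinder.com"),)}
CERT_LOOKALIKE = {"subject": ((("commonName", "registry.notdk"),),)}

if __name__ == "__main__":
    for label, cert in [("dk", CERT_DK), ("other", CERT_OTHER),
                        ("lookalike", CERT_LOOKALIKE)]:
        print(label, cert_matches_authority(cert, "dk"))
```

The suffix comparison is done on a label boundary, so a name such as registry.notdk is not accepted for authority dk.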