Re: [dispatch] [RAI] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04

Iñaki Baz Castillo <ibc@aliax.net> Wed, 29 January 2014 18:18 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7349F1A0383 for <dispatch@ietfa.amsl.com>; Wed, 29 Jan 2014 10:18:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.678
X-Spam-Level:
X-Spam-Status: No, score=-1.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZgOzww0pMNww for <dispatch@ietfa.amsl.com>; Wed, 29 Jan 2014 10:18:03 -0800 (PST)
Received: from mail-qc0-f173.google.com (mail-qc0-f173.google.com [209.85.216.173]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7CA1A02C0 for <dispatch@ietf.org>; Wed, 29 Jan 2014 10:18:03 -0800 (PST)
Received: by mail-qc0-f173.google.com with SMTP id i8so3295770qcq.18 for <dispatch@ietf.org>; Wed, 29 Jan 2014 10:18:00 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=yM3WkQMU0vXGa3i1TqYbNWLQiHyKFdyoBrmYr/2OO+8=; b=I7mE1do4F2Cs06/P0Qu3J8/VvpF49p2n+BgnDc0CxNUCPZStFS6VHp7feUDgcgQlz6 G7J/e7dYcY0V3a7aTZbe4NFUxkGPxtZeo8xg1dYnhv1J3+s//15Ze+ouq+v+/j90L3x9 gwwdRQSZ3bM33kJImWbGPNKR2SvVh7BOOlRKnEcBNMt23wlLLVjebD0Dlg0I4FkXLQaZ il6JX7HOL54FZOzZeXq3zzk5sHmTp25dmj5YdfOSrcmPMOnb0pPGjlaht/n6nfh1S2tS EytKjvC3RiX+iIvUk6x6EnZ9HNiPu/xC8AyUwk7/0ToPB/JriwTFc59y3anmTLkesdZa 59BA==
X-Gm-Message-State: ALoCoQl0Xg7whhQVHKCtv19OZ5A/upakV62A1cXJniSav9lckMS1ipSsjstpkE8ewij/3ItpwhEn
X-Received: by 10.140.96.17 with SMTP id j17mr13933965qge.112.1391019480390; Wed, 29 Jan 2014 10:18:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.96.101.232 with HTTP; Wed, 29 Jan 2014 10:17:40 -0800 (PST)
In-Reply-To: <1E320318-64CE-4F8B-AB76-8C4A5244379A@cisco.com>
References: <45B84D8F-AD8C-4B28-90DF-9B1C40771104@nostrum.com> <6833E320-7B45-4FC2-853B-62311DCF7E7B@nostrum.com> <A25E55DD-59E3-4F43-BE9A-6304378FAE0B@cisco.com> <CALiegf=mn1Lg6ihhf8hamn6rVpkLnF3ydGxm1tK1JaNMaioxoQ@mail.gmail.com> <CAEqTk6Q2Dv4a2P-8KJtK=xGZx=mmayt_YdagF2=JyoJ1oYQu7w@mail.gmail.com> <1E320318-64CE-4F8B-AB76-8C4A5244379A@cisco.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Wed, 29 Jan 2014 19:17:40 +0100
Message-ID: <CALiegfmWXmOYu2gQj8b6=JgC2CfZoFJqebM=E6OrJ6j-QwLepg@mail.gmail.com>
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: Ben Campbell <ben@nostrum.com>, DISPATCH <dispatch@ietf.org>, "rai@ietf.org" <rai@ietf.org>, "draft-pd-dispatch-msrp-websocket.all@tools.ietf.org" <draft-pd-dispatch-msrp-websocket.all@tools.ietf.org>
Subject: Re: [dispatch] [RAI] MSRP Expert Review of draft-pd-dispatch-msrp-websocket-04
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2014 18:18:04 -0000

2014-01-29 Cullen Jennings (fluffy) <fluffy@cisco.com>om>:
> On Jan 29, 2014, at 10:16 AM, Peter Dunkley <peter.dunkley@crocodilertc.net> wrote:
>
>> Even if TLS is left as MUST all of the additional checks from the RFC cannot be enforced on the client because (in a browser) you don't have any access to that information.
>
> So help educate me on what is missing and lets go get that fixed in web sockets.


The browser inspects the certificate retrieved from the WS server in
the same way than when the browser connects to a HTTPS site. And the
certificate inspection means matching the server domain with the CN or
SubjectAltNames fields (DNS entries) and others usual checks.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>