Re: [Gen-art] applicability of draft-saintandre-tls-server-id-check (was: Gen-ART LC Review...)

Peter Saint-Andre <stpeter@stpeter.im> Wed, 08 December 2010 21:02 UTC

Message-ID: <4CFFF29E.6040804@stpeter.im>
Date: Wed, 08 Dec 2010 14:03:26 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
To: =JeffH <Jeff.Hodges@KingsMountain.com>
References: <4CFFEF35.3090200@KingsMountain.com>
In-Reply-To: <4CFFEF35.3090200@KingsMountain.com>
Cc: Ben Campbell <ben@nostrum.com>, General Area Review Team <gen-art@ietf.org>, IETF cert-based identity <certid@ietf.org>
Subject: Re: [Gen-art] applicability of draft-saintandre-tls-server-id-check (was: Gen-ART LC Review...)

On 12/8/10 1:48 PM, =JeffH wrote:
>> In general, I think this document is describing the tools available to
>> protocol designers, not telling protocol designers which tools to use.
> 
> Well, the original intent of this spec was to (simply, heh) specify how
> to match one's reference ID to the presented ID (tho we hadn't yet
> invented those terms) returned in the end-entity cert during TLS
> handshake, so protocol designers/specifiers didn't have to re-invent it
> (and do so differently) for each spec going forward.
> 
> So I'd characterize it as listing (and defining degrees-of-freedom of)
> the tools available (eg DNS-ID, SRV-ID, URI-ID, etc.), and then defining
> how to perform matching given the tool.

Yes, that is more accurate. As we discussed via IM, originally we
thought it would be simple to lay down the law for all application
protocols, but our prescriptions have become a bit more relaxed as we've
realized how tangled the landscape is...

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
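To make concrete what "defining how to perform matching given the tool" means, the following is an added example (not code from the draft, its authors, or anyone in this thread) that checks a client's reference identifiers against the DNS-ID, SRV-ID, URI-ID and CN-ID values presented in a server certificate along the lines of the draft's rules. The strict wildcard handling (whole left-most label only) and the host-name-only URI splitting are this example's own simplifications, and all identifier values are constructed.

```python
def dns_match(reference, presented, allow_wildcard=True):
    """DNS-ID comparison: case-insensitive, label by label. A wildcard is
    accepted only as the whole left-most label (this example's strict reading
    of the draft), covers exactly one label, never an IDN A-label or *.tld."""
    ref = reference.lower().rstrip(".").split(".")
    pres = presented.lower().rstrip(".").split(".")
    if len(ref) != len(pres):
        return False  # a wildcard never spans more than one label
    if pres[0] == "*" and allow_wildcard:
        return len(pres) >= 3 and pres[1:] == ref[1:] and not ref[0].startswith("xn--")
    if "*" in presented:
        return False  # a wildcard anywhere else is rejected outright
    return ref == pres

def _uri_parts(uri):
    """Split a URI-ID into (scheme, host); host names only, no IP literals."""
    scheme, _, rest = uri.partition(":")
    host = rest.lstrip("/").split("/", 1)[0].rsplit("@", 1)[-1]
    return scheme.lower(), host.split(":")[0]

def match_identifier(reference, presented):
    rtype, rval = reference
    ptype, pval = presented
    if ptype == "CN-ID":
        ptype = "DNS-ID"  # a CN-ID is compared as a DNS name
    if rtype != ptype:
        return False  # identifier types never cross-match (DNS-ID vs SRV-ID, ...)
    if rtype == "DNS-ID":
        return dns_match(rval, pval)
    if rtype == "SRV-ID":  # "_service.domain": service, then domain, no wildcard
        rsvc, _, rdom = rval.partition(".")
        psvc, _, pdom = pval.partition(".")
        return rsvc.lower() == psvc.lower() and dns_match(rdom, pdom, False)
    if rtype == "URI-ID":  # scheme and host must both match, no wildcard
        (rs, rh), (ps, ph) = _uri_parts(rval), _uri_parts(pval)
        return rs == ps and dns_match(rh, ph, False)
    return False

def verify_server_identity(reference_ids, presented_ids):
    """First presented identifier matching any reference identifier, else None.
    The CN-ID is consulted only when the cert carries no DNS-ID, SRV-ID or
    URI-ID in subjectAltName, which is what the draft prescribes."""
    has_san_id = any(t != "CN-ID" for t, _ in presented_ids)
    for pres in presented_ids:
        if pres[0] == "CN-ID" and has_san_id:
            continue
        for ref in reference_ids:
            if match_identifier(ref, pres):
                return pres
    return None
```

An XMPP client expecting example.com would pass reference identifiers such as `[("DNS-ID", "example.com"), ("SRV-ID", "_xmpp-client.example.com")]`; a certificate carrying only `*.example.com` as DNS-ID does not satisfy the bare domain, but a matching SRV-ID does.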