Re: [certid] Review of draft-saintandre-tls-server-id-check

Stefan Santesson <stefan@aaa-sec.com> Thu, 09 September 2010 19:39 UTC

On 10-09-09 8:38 PM, "Shumon Huque" <shuque@isc.upenn.edu> wrote:

> Earlier in RFC 4985, it says:
> 
>    The SRVName, if present, MUST contain a service name and a domain
>    name in the following form:
> 
>       _Service.Name
> 
>    The content of the components of this name form MUST be consistent
>    with the corresponding definition of these components in an SRV RR
>    according to RFC 2782
> 
> I think this was actually clear enough. The subsequent statement that
> Name is "The DNS domain name of the domain where the specified service
> is located." (which could mean any of a number of things) confused the
> issue, and probably should not have been in the document.


Agreed, but since it will be an errata, the text must be corrected.

Do you agree with my proposal?

    "The DNS domain name of a domain for which the certified subject
     is authorized to provide the identified service."

/Stefan
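
The `_Service.Name` form quoted above, together with the proposed reading of Name, as an added example that is not part of the original message or of RFC 4985: a check that parses an SRVName and compares it with the service and domain the client set out to reach. The function names, the exact-match comparison and the sample names are assumptions made for illustration.

```python
import re

# One DNS label (letters, digits, hyphen). SRVName is ASCII, so an
# internationalized name is assumed to arrive already in its ASCII form.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_srvname(value):
    """Split an SRVName of the form _Service.Name into (service, name).

    Raises ValueError when the value does not have that form.
    """
    if not value.isascii():
        raise ValueError("SRVName must be ASCII")
    if not value.startswith("_"):
        raise ValueError("SRVName must start with '_'")
    service, sep, name = value[1:].lower().partition(".")
    if not sep or not _LABEL.fullmatch(service):
        raise ValueError("missing or malformed service label")
    # Every remaining label must be a plain DNS label. This also rejects the
    # SRV RR owner-name form _Service._Proto.Name, which is not _Service.Name.
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("malformed domain name")
    return service, name


def srvname_matches(cert_srvnames, service, source_domain):
    """True if any SRVName certifies `service` for `source_domain`.

    `source_domain` is the domain the client wanted the service for (the
    name it built the SRV query from), not the target host named in the
    SRV record. That is the reading of Name proposed in the message above.
    """
    want = (service.lower(), source_domain.lower().rstrip("."))
    for value in cert_srvnames:
        try:
            if parse_srvname(value) == want:
                return True
        except ValueError:
            continue  # a malformed entry never matches
    return False


# Constructed sample: SRVName values taken from a hypothetical certificate,
# and the host a hypothetical SRV lookup for example.com pointed at.
CERT_SRVNAMES = ["_xmpp-client.example.com"]
SRV_TARGET_HOST = "xmpp1.hosting.example.net"
```

Comparing against `SRV_TARGET_HOST` instead of the source domain fails here, which is the distinction the corrected sentence is meant to make unambiguous.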