[IPsec] #117: Hash and URL interop
Tero Kivinen <kivinen@iki.fi> Fri, 30 October 2009 13:55 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 531153A67B6 for <ipsec@core3.amsl.com>; Fri, 30 Oct 2009 06:55:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.494
X-Spam-Level:
X-Spam-Status: No, score=-2.494 tagged_above=-999 required=5 tests=[AWL=0.105, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7LnMBSL1se7 for <ipsec@core3.amsl.com>; Fri, 30 Oct 2009 06:55:15 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by core3.amsl.com (Postfix) with ESMTP id 319513A68D6 for <ipsec@ietf.org>; Fri, 30 Oct 2009 06:55:14 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.13.8) with ESMTP id n9UDtM7d011106 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Oct 2009 15:55:22 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id n9UDtL9F007786; Fri, 30 Oct 2009 15:55:21 +0200 (EET)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <19178.61513.606708.918055@fireball.kivinen.iki.fi>
Date: Fri, 30 Oct 2009 15:55:21 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Yaron Sheffer <yaronf@checkpoint.com>
In-Reply-To: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EA9@il-ex01.ad.checkpoint.com>
References: <7F9A6D26EB51614FBF9F81C0DA4CFEC801BDA1213EA9@il-ex01.ad.checkpoint.com>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 6 min
X-Total-Time: 110 min
Cc: IPsecme WG <ipsec@ietf.org>
Subject: [IPsec] #117: Hash and URL interop
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2009 13:55:16 -0000
Yaron Sheffer writes: > To improve interoperability, allow only the "http" URL method. The > current text (end of sec. 3.6) implies that any method is allowed, > although HTTP MUST be supported. If that means adding MUST NOT for other URL methods, I do not think we want to do it. We alrady have one mandatory to implement URL method (http) and that should be enough to provide interoperability. If someone wants to create implementation which uses some other format in addition to http method for their own use, I do not see any reason why they should be forbidded to do so. Note, that HASH and URL formats are not limited to exactly one URL format for each hash. Implementation would are allowed to send multiple cert payloads, each having same HASH but different URLs having different methods. If implementation does not support certain URL method it just ignores the cert payload, and as multiple methods point to same certificate each of them have same hash, thus it does not matter which one of them the implementation uses to fetch the certificate. -- kivinen@iki.fi
- [IPsec] #117: Hash and URL interop Yaron Sheffer
- [IPsec] #117: Hash and URL interop Tero Kivinen
- Re: [IPsec] #117: Hash and URL interop Yaron Sheffer
- Re: [IPsec] #117: Hash and URL interop Paul Hoffman
- Re: [IPsec] #117: Hash and URL interop Yoav Nir
- Re: [IPsec] #117: Hash and URL interop Tero Kivinen
- Re: [IPsec] #117: Hash and URL interop Tero Kivinen
- Re: [IPsec] #117: Hash and URL interop Yaron Sheffer
- Re: [IPsec] #117: Hash and URL interop Tero Kivinen
- Re: [IPsec] #117: Hash and URL interop Scott C Moonen
- Re: [IPsec] #117: Hash and URL interop Paul Hoffman