Re: [keyassure] WebID at W3C and keyassure
Paul Hoffman <paul.hoffman@vpnc.org> Fri, 11 February 2011 00:48 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 83EB53A6823 for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 16:48:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.652
X-Spam-Level:
X-Spam-Status: No, score=-100.652 tagged_above=-999 required=5 tests=[AWL=-0.095, BAYES_05=-1.11, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mDVjFKBcOrgi for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 16:48:29 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id CA8F83A6B18 for <keyassure@ietf.org>; Thu, 10 Feb 2011 16:48:29 -0800 (PST)
Received: from MacBook-08.local (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p1B0mgDL062329 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <keyassure@ietf.org>; Thu, 10 Feb 2011 17:48:43 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Message-ID: <4D54876A.4090302@vpnc.org>
Date: Thu, 10 Feb 2011 16:48:42 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: keyassure@ietf.org
References: <57722B1C-F0AE-42D9-8ABE-30223D4F0D51@bblfish.net> <201102102017.p1AKH7iR028493@new.toad.com> <19409B47-4FB1-4705-B670-5D2570EBE76B@bblfish.net>
In-Reply-To: <19409B47-4FB1-4705-B670-5D2570EBE76B@bblfish.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [keyassure] WebID at W3C and keyassure
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Feb 2011 00:48:30 -0000
On 2/10/11 2:41 PM, Henry Story wrote: > Keyassure will probably use the DNS-ID typed subject alternative name > (SAN) or Issuer Alternative Name (IAN) in a *server* X509 certifactes > to identify the server as suggested is good practice by > http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-14#section-2.3 In > your earlier message, you said: > (I have not seen a draft spec yet, and am going from the group > description). Please do read the draft. What you say here, which predicates the rest of your message about similarities with the WebID work, is not at all correct. This is not to say that what WebID is doing can't work with the DANE effort, just that we are doing completely different things. DANE is about getting a temporary trust anchor for a particular port/transport/domainname triple for a server, whereas WebID is about identifying clients through an HTTPS lookup. There has been discussion of using DANE to get a temporary trust anchor for S/MIME clients, and that might be extended to doing so for TLS clients, but it would be done using the DNS protocol.
- [keyassure] WebID at W3C and keyassure Henry Story
- Re: [keyassure] WebID at W3C and keyassure Henry Story
- Re: [keyassure] WebID at W3C and keyassure Paul Hoffman
- Re: [keyassure] WebID at W3C and keyassure Henry Story
- Re: [keyassure] WebID at W3C and keyassure Phillip Hallam-Baker
- Re: [keyassure] WebID at W3C and keyassure Henry Story
- Re: [keyassure] WebID at W3C and keyassure Phillip Hallam-Baker
- Re: [keyassure] WebID at W3C and keyassure Jakob Schlyter
- Re: [keyassure] WebID at W3C and keyassure Phillip Hallam-Baker
- Re: [keyassure] WebID at W3C and keyassure Henry Story
- Re: [keyassure] WebID at W3C and keyassure Jakob Schlyter
- Re: [keyassure] WebID at W3C and keyassure Phillip Hallam-Baker