Re: [keyassure] WebID at W3C and keyassure

Paul Hoffman <paul.hoffman@vpnc.org> Fri, 11 February 2011 00:48 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 83EB53A6823 for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 16:48:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.652
X-Spam-Level:
X-Spam-Status: No, score=-100.652 tagged_above=-999 required=5 tests=[AWL=-0.095, BAYES_05=-1.11, HELO_MISMATCH_COM=0.553, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mDVjFKBcOrgi for <keyassure@core3.amsl.com>; Thu, 10 Feb 2011 16:48:29 -0800 (PST)
Received: from hoffman.proper.com (Hoffman.Proper.COM [207.182.41.81]) by core3.amsl.com (Postfix) with ESMTP id CA8F83A6B18 for <keyassure@ietf.org>; Thu, 10 Feb 2011 16:48:29 -0800 (PST)
Received: from MacBook-08.local (75-101-30-90.dsl.dynamic.sonic.net [75.101.30.90]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id p1B0mgDL062329 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <keyassure@ietf.org>; Thu, 10 Feb 2011 17:48:43 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Message-ID: <4D54876A.4090302@vpnc.org>
Date: Thu, 10 Feb 2011 16:48:42 -0800
From: Paul Hoffman <paul.hoffman@vpnc.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: keyassure@ietf.org
References: <57722B1C-F0AE-42D9-8ABE-30223D4F0D51@bblfish.net> <201102102017.p1AKH7iR028493@new.toad.com> <19409B47-4FB1-4705-B670-5D2570EBE76B@bblfish.net>
In-Reply-To: <19409B47-4FB1-4705-B670-5D2570EBE76B@bblfish.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [keyassure] WebID at W3C and keyassure
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Feb 2011 00:48:30 -0000

On 2/10/11 2:41 PM, Henry Story wrote:
> Keyassure will probably use the DNS-ID typed subject alternative name
> (SAN) or Issuer Alternative Name (IAN) in a *server* X509 certificates
> to identify the server, as suggested as good practice by
> http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-14#section-2.3

In your earlier message, you said:

> (I have not seen a draft spec yet, and am going from the group
> description).

Please do read the draft. What you say here, which predicates the rest
of your message about similarities with the WebID work, is not at all
correct.

This is not to say that what WebID is doing can't work with the DANE 
effort, just that we are doing completely different things. DANE is 
about getting a temporary trust anchor for a particular 
port/transport/domainname triple for a server, whereas WebID is about 
identifying clients through an HTTPS lookup. There has been discussion 
of using DANE to get a temporary trust anchor for S/MIME clients, and 
that might be extended to doing so for TLS clients, but it would be done 
using the DNS protocol.
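As an added illustration of the "port/transport/domainname triple" Paul refers to, the following Python is example code written for this archive page; it is not from the keyassure discussion nor from any DANE implementation. It assumes the TLSA record layout (usage, selector, matching type, association data) as later published in RFC 6698, which postdates this message, and it uses constructed placeholder bytes in place of real DER-encoded certificate and SubjectPublicKeyInfo data.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    """One TLSA RR (field layout per RFC 6698, published after this thread)."""
    usage: int      # 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo only
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes     # certificate association data


def tlsa_owner_name(domain: str, port: int, transport: str = "tcp") -> str:
    """DNS owner name DANE queries for one port/transport/domain-name triple."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    transport = transport.lower()
    if transport not in ("tcp", "udp", "sctp"):
        raise ValueError(f"unknown transport: {transport}")
    return f"_{port}._{transport}.{domain.rstrip('.')}."


def _selected_bytes(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """Pick the part of the presented certificate the record is about."""
    if record.selector == 0:
        return cert_der
    if record.selector == 1:
        return spki_der
    raise ValueError(f"unknown selector: {record.selector}")


def _matching_value(record: TLSARecord, selected: bytes) -> bytes:
    """Transform the selected bytes the way the matching type requires."""
    if record.matching == 0:
        return selected
    if record.matching == 1:
        return hashlib.sha256(selected).digest()
    if record.matching == 2:
        return hashlib.sha512(selected).digest()
    raise ValueError(f"unknown matching type: {record.matching}")


def tlsa_matches(record: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """Does the presented certificate satisfy the record's association data?

    This is only the association step. Usages 0 and 1 still require ordinary
    PKIX chain validation, usage 2 requires building a chain to the matched
    anchor, and only usage 3 (DANE-EE) is satisfied by this check alone.
    """
    expected = _matching_value(record, _selected_bytes(record, cert_der, spki_der))
    return hmac.compare_digest(expected, record.data)


def tlsa_rdata(record: TLSARecord) -> str:
    """Presentation form as it would appear in a zone file: '3 1 1 <hex>'."""
    return f"{record.usage} {record.selector} {record.matching} {record.data.hex()}"


# Constructed placeholders standing in for the DER bytes of the certificate
# the server presented in the TLS handshake (not real DER; assumption).
SAMPLE_CERT_DER = b"constructed-certificate-bytes"
SAMPLE_SPKI_DER = b"constructed-subject-public-key-info"

# A DANE-EE record (usage 3) pinning the SPKI by SHA-256: "3 1 1 <hex>".
SAMPLE_RECORD = TLSARecord(3, 1, 1, hashlib.sha256(SAMPLE_SPKI_DER).digest())


if __name__ == "__main__":
    name = tlsa_owner_name("example.com", 443)
    print(f"{name} IN TLSA {tlsa_rdata(SAMPLE_RECORD)}")
    print("match:", tlsa_matches(SAMPLE_RECORD, SAMPLE_CERT_DER, SAMPLE_SPKI_DER))
    # A key rollover that changes the SPKI without updating DNS must fail.
    print("after rollover:", tlsa_matches(SAMPLE_RECORD, SAMPLE_CERT_DER, b"new-spki"))
```

The point the triple makes is that the record is scoped to one service endpoint: `_443._tcp.example.com.` says nothing about port 25 or about UDP on the same host, and the record for each must be published and checked separately. A real client would also verify that the TLSA answer itself was DNSSEC-validated before trusting it, which this snippet does not attempt.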