Re: [kitten] BrowserID mutual auth

[Peter Saint-Andre <stpeter@stpeter.im>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/25/13 4:02 PM, Luke Howard wrote:
> 
> On 25/04/2013, at 10:55 PM, Sam Hartman <hartmans-ietf@mit.edu> 
> wrote:
> 
>> Yes. I'm fairly sure CAs will issue neither.
>> 
>> I'm definitely in favor of  SRV SAN over a URN for GSS service 
>> names. I thought you were talking about URI sans like 
>> xmpp://painless-security.com
> 
> No, that would introduce another set of mapping problems. URIs in
> GSS BrowserID look like urn:x-gss:spn where spn is a Kerberos-like 
> service name. For example, urn:x-gss:xmpp/painless-security.com.
> 
> Hopefully we can get a non-experimental URN assigned when we
> progress the draft (tips, anyone?)

Hi Luke,

I'm happy to help with that. It's really quite straightforward. See
RFC 3406 and draft-ietf-urnbis-rfc3406bis-urn-ns-reg-05.

Peter

P.S. Oh, and if I have my way, experimental URN namespaces will be
going away... :-)

http://tools.ietf.org/html/draft-ietf-urnbis-rfc3406bis-urn-ns-reg-05#section-5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRedcvAAoJEOoGpJErxa2p7EQQAKUMfLHVd9YOjO6HEPijUkeR
Bz+Kx5aMk2+wJLaf/kBP99olKshLUllXijRbFL8YRfkzdBpXie6eK49RB4Nw1zHe
9Ttz/ISbEaekzWwL9bO21RUhDwHVS7aEV0PqtUL8zAOzYaNyvOlwv0kBVlZ8iMBD
7t1txgnavZl5wcHUV0j/9oP+0dL0NcM4UYXk6rM5ipMIbTJD9g3y75VpLagm2iyq
1PsAZrmRmNJvI68CddHzEJvV9nBUskYPQJB4FHVFz439qExUrtC30Ax4++PPaIK9
gb2V3DEEh1ucrL9SFT7YlnBYYoy2H+dcCGyssLTTAiyrUxQoMR5/C977STRMEwU2
VWSas3imEFcLezWy1NQ7gC7ZsW98sRu4VnLYMaxgMABNb+iagBYOghYKL4MCC1Vz
51qQxYLztMu8vu1OgVNdpERGRjUbyBnP3Lwu0R85dnV9aEOBXhEzpVJ0GFEIwBW3
tjxVbE+B8gW7rCzg6lgzu6GwtrUTuFp5WsIlBoejJ/oF4zC/t2SXDh0g7iuLhGbh
n59NGQND4suqBgFylgic1NPJ/GCaD+XkNZ+IN20EP3p8UXCiG4ZfmS5C4M3tdOYX
hG13DKY3D2AbylBfeinRtIk/tJxaWYzb3kKPVio/IdefiafrR51PMTNAWCVZLLtC
EK78+YtcPocYeD6jdbKu
=St9Q
-----END PGP SIGNATURE-----