Re: [kitten] BrowserID mutual auth
mrex@sap.com (Martin Rex) Fri, 26 April 2013 16:59 UTC
Return-Path: <mrex@sap.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DACFE21F9A6C for <kitten@ietfa.amsl.com>; Fri, 26 Apr 2013 09:59:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.249
X-Spam-Level:
X-Spam-Status: No, score=-10.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YO1Bf2YPPtvr for <kitten@ietfa.amsl.com>; Fri, 26 Apr 2013 09:59:37 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id 005C621F99D1 for <kitten@ietf.org>; Fri, 26 Apr 2013 09:59:36 -0700 (PDT)
Received: from mail06.wdf.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id r3QGxZdT007494 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 26 Apr 2013 18:59:35 +0200 (MEST)
In-Reply-To: <5179D72F.1070209@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
Date: Fri, 26 Apr 2013 18:59:34 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130426165934.DFF0B1A6D6@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "kitten@ietf.org" <kitten@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>, Nico Williams <Nico103@gmail.com>
Subject: Re: [kitten] BrowserID mutual auth
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 16:59:38 -0000
A simple comment on use of "urn" in cert SANs. It seems to be currently impossible to constrain "urn" SAN by name contraints in X.509v3 certs. >From a recent PKIX discussion: http://www.ietf.org/mail-archive/web/pkix/current/msg32574.html -Martin Peter Saint-Andre wrote: > > Luke Howard wrote: > > > > On 25/04/2013, at 10:55 PM, Sam Hartman <hartmans-ietf@mit.edu> > > wrote: > > > >> Yes. I'm fairly sure CAs will issue neither. > >> > >> I'm definitely in favor of SRV SAN over a URN for GSS service > >> names. I thought you were talking about URI sans like > >> xmpp://painless-security.com > > > > No, that would introduce another set of mapping problems. URIs in > > GSS BrowserID look like urn:x-gss:spn where spn is a Kerberos-like > > service name. For example, urn:x-gss:xmpp/painless-security.com. > > > > Hopefully we can get a non-experimental URN assigned when we > > progress the draft (tips, anyone?) > > Hi Luke, > > I'm happy to help with that. It's really quite straightforward. See > RFC 3406 and draft-ietf-urnbis-rfc3406bis-urn-ns-reg-05. > > Peter > > P.S. Oh, and if I have my way, experimental URN namespaces will be > going away... :-) > > http://tools.ietf.org/html/draft-ietf-urnbis-rfc3406bis-urn-ns-reg-05#section-5
- Re: [kitten] BrowserID mutual auth Martin Rex
- [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Martin Rex
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Larry Zhu
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Jim Schaad
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Peter Saint-Andre
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Jeffrey Hutzelman
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Sam Hartman
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Sam Hartman
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Sam Hartman
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Nico Williams
- Re: [kitten] BrowserID mutual auth Peter Saint-Andre
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Peter Saint-Andre
- Re: [kitten] BrowserID mutual auth Martin Rex
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard
- Re: [kitten] BrowserID mutual auth Luke Howard