Re: [pkix] Whitelisting

"Piyush Jain" <piyush@ditenity.com> Fri, 17 May 2013 15:06 UTC

From: Piyush Jain <piyush@ditenity.com>
To: 'Adam Langley' <agl@google.com>, 'Erik Andersen' <era@x500.eu>
Date: Fri, 17 May 2013 08:06:11 -0700
Cc: 'PKIX' <pkix@ietf.org>
Subject: Re: [pkix] Whitelisting

And this
http://tools.ietf.org/html/draft-perrin-tls-tack-02


> -----Original Message-----
> From: pkix-bounces@ietf.org [mailto:pkix-bounces@ietf.org] On Behalf Of
> Adam Langley
> Sent: Friday, May 17, 2013 7:36 AM
> To: Erik Andersen
> Cc: PKIX
> Subject: Re: [pkix] Whitelisting
> 
> On Fri, May 17, 2013 at 10:31 AM, Erik Andersen <era@x500.eu> wrote:
> > The reason I am asking is that I am sitting with a document that I am
> > commenting. It says:
> >
> > "In certain deployments, additional support is necessary to further
> > restrict the usage of certificates based on their serial numbers and
> > issuers. This restriction is known as certificate white listing or
> > certificate pinning, and is currently being defined in the IETF"
> >
> > I was trying to find out whether that is true and if yes, what the
> > status is.
> 
> It is possibly this document:
> https://tools.ietf.org/html/draft-ietf-websec-key-pinning-04
> 
> 
> Cheers
> 
> AGL