Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 20 February 2013 23:53 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36F2621E8030 for <pkix@ietfa.amsl.com>; Wed, 20 Feb 2013 15:53:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.425
X-Spam-Level:
X-Spam-Status: No, score=-2.425 tagged_above=-999 required=5 tests=[AWL=0.174, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zV7ehUohAcvW for <pkix@ietfa.amsl.com>; Wed, 20 Feb 2013 15:53:31 -0800 (PST)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.244]) by ietfa.amsl.com (Postfix) with ESMTP id 1FD7521F86EC for <pkix@ietf.org>; Wed, 20 Feb 2013 15:53:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1361404410; x=1392940410; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=zZDKKo4WZwxyto2BzvoSF5Pwka/hQoqqqQBMk0TS/+c=; b=gaTbJ6AtcUSw/oNex3nBku41Gb3v2aYBiE6YsyzuBX2rLrcykbyWmEZy HtVBYSmuEK6RTg7k3Vd+mIqJSKhNdCGPBhxkJRVzRtbpv1hu7jufArFf9 liy8Kt3EpVcyWb3HpM5HttrAUOmqDuPARmGqO7P1cncwuHzrkkSBIE+IE c=;
X-IronPort-AV: E=Sophos;i="4.84,705,1355050800"; d="scan'208";a="171427506"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.106 - Outgoing - Outgoing
Received: from uxchange10-fe2.uoa.auckland.ac.nz ([130.216.4.106]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES128-SHA; 21 Feb 2013 12:53:20 +1300
Received: from UXCN10-2.UoA.auckland.ac.nz ([169.254.2.108]) by uxchange10-fe2.UoA.auckland.ac.nz ([130.216.4.106]) with mapi id 14.02.0318.004; Thu, 21 Feb 2013 12:53:19 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: IETF PKIX <pkix@ietf.org>
Thread-Topic: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
Thread-Index: Ac4PxXWooc8wkjG9QW61eQS2vZ/m2w==
Date: Wed, 20 Feb 2013 23:53:19 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C733340EFFC@uxcn10-2.UoA.auckland.ac.nz>
Accept-Language: en-GB, en-NZ, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [pkix] A non-compliant use of the EKU extension in Mozilla's CA Certificate Policy Version 2.1.
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2013 23:53:32 -0000
Denis Pinkas <denis.pinkas@bull.net> writes: >I believe that you are missing a point in the standardization process: once >an OID has been defined, its semantics CANNOT be changed. So this means almost every bit of text since RFC 2459 is invalid or illegal or whatever happens when you change the semantics of an OID? There are OIDs for all sorts of things in there that have been modified and adapted in every RFC since then. >Thus the reality is not the one you describe, but the fact that large >companies are ignoring standards and it is time to let them understand that >the software they provide is not compliant with the standards. Lest the hand of God come down and smite them, because we all know how seriously God takes standards. Peter.
- [pkix] A non-compliant use of the EKU extension i… Denis Pinkas
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… David A. Cooper
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Denis Pinkas
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- Re: [pkix] A non-compliant use of the EKU extensi… Santosh Chokhani
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… Dr Stephen Henson
- Re: [pkix] A non-compliant use of the EKU extensi… Martin Rex
- Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
- Re: [pkix] A non-compliant use of the EKU extensi… Michael StJohns
- Re: [pkix] A non-compliant use of the EKU extensi… Henry B. Hotz
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Gutmann
- Re: [pkix] A non-compliant use of the EKU extensi… Yoav Nir
- Re: [pkix] A non-compliant use of the EKU extensi… Erwann Abalea
- Re: [pkix] A non-compliant use of the EKU extensi… Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Peter Sylvester
- Re: [pkix] A non-compliant use of the EKU extensi… Piyush Jain
- [pkix] Agenda items for PKIX in Orlando Stefan Santesson
- Re: [pkix] A non-compliant use of the EKU extensi… Stephen Kent
- [pkix] PKIX WG's (lack of) agility to adopt missi… Martin Rex