Re: [pkix] EKU for intermediate certificates

Peter Bowen <pzbowen@gmail.com> Thu, 04 February 2016 18:11 UTC

On Thu, Feb 4, 2016 at 10:00 AM, Carl Wallace <carl@redhoundsoftware.com> wrote:
>
> On 2/4/16, 12:17 PM, "Peter Bowen" <pzbowen@gmail.com> wrote:
>
>>The CA/Browser Forum sets standards for Certification Authorities.  It
>>does not set requirements on implementers of path validation.
>
> Does this mean there would be no issue with defining a flag to allow for
> EKU semantics to be selected, since we now have two? Else we will rely on
> folklore to know which implementations do what.

If you are writing your own path validation code, I don't see why not.
You are welcome to code however you want.

Thanks,
Peter