Re: [pkix] EKU for intermediate certificates

Carl Wallace <carl@redhoundsoftware.com> Thu, 04 February 2016 18:19 UTC

Date: Thu, 04 Feb 2016 13:19:46 -0500
From: Carl Wallace <carl@redhoundsoftware.com>
To: Peter Bowen <pzbowen@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/vwalDSx26vDfjicdV-0PbEwV9fQ>
Cc: "<pkix@ietf.org>" <pkix@ietf.org>

That rather misses the point, no? But you know that.

On 2/4/16, 1:11 PM, "Peter Bowen" <pzbowen@gmail.com> wrote:

>On Thu, Feb 4, 2016 at 10:00 AM, Carl Wallace <carl@redhoundsoftware.com> wrote:
>>
>> On 2/4/16, 12:17 PM, "Peter Bowen" <pzbowen@gmail.com> wrote:
>>
>>>The CA/Browser Forum sets standards for Certification Authorities.  It
>>>does not set requirements on implementers of path validation.
>>
>> Does this mean there would be no issue with defining a flag to allow for
>> EKU semantics to be selected, since we now have two? Else we will rely on
>> folklore to know which implementations do what.
>
>If you are writing your own path validation code, I don't see why not.
>You are welcome to code however you want.
>
>Thanks,
>Peter
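
Added example, not part of the thread and not code from any participant or implementation: a sketch of the selectable EKU flag asked about above, showing a path on which the two semantics disagree. It assumes the two semantics are "EKU checked on the end-entity certificate only" and "an EKU on an intermediate also constrains everything below it" (the message does not spell them out); `EkuMode`, `eku_allows`, `disagreements` and the sample path are hypothetical names and constructed data.

```python
from enum import Enum

# Standard key purpose OIDs.
ANY_EKU = "2.5.29.37.0"                # anyExtendedKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"      # id-kp-serverAuth
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4" # id-kp-emailProtection


class EkuMode(Enum):
    LEAF_ONLY = "leaf-only"  # assumption: EKU evaluated on the end-entity cert only
    CHAINED = "chained"      # assumption: EKU on a CA cert limits the certs below it


def _permits(eku, purpose):
    # eku is None when the extension is absent, which places no restriction.
    # Treating anyExtendedKeyUsage as "permits everything" is an assumption
    # of this sketch; real validators differ on that point.
    return eku is None or purpose in eku or ANY_EKU in eku


def eku_allows(path, purpose, mode):
    """path: EKU values ordered from the first CA below the trust anchor
    down to the leaf; each entry is a set of OIDs, or None if absent."""
    *cas, leaf = path
    if not _permits(leaf, purpose):
        return False
    if mode is EkuMode.CHAINED:
        return all(_permits(ca, purpose) for ca in cas)
    return True


def disagreements(path, purposes):
    """Purposes for which the two modes give different answers on this path."""
    return [p for p in purposes
            if eku_allows(path, p, EkuMode.LEAF_ONLY)
            != eku_allows(path, p, EkuMode.CHAINED)]


# Constructed path: an intermediate limited to e-mail protection issues a
# leaf that asserts serverAuth.
CONSTRUCTED_PATH = [{EMAIL_PROTECTION}, {SERVER_AUTH}]

if __name__ == "__main__":
    for mode in EkuMode:
        print(mode.value, eku_allows(CONSTRUCTED_PATH, SERVER_AUTH, mode))
    print("modes disagree on:",
          disagreements(CONSTRUCTED_PATH, [SERVER_AUTH, EMAIL_PROTECTION]))
```

Making the mode an explicit parameter lets a relying party record which semantics accepted a path, rather than inferring it from the library in use.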