[TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)

<Pasi.Eronen@nokia.com> Mon, 03 April 2006 14:44 UTC

Date: Mon, 03 Apr 2006 17:44:44 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F24027516FE@esebe105.NOE.Nokia.com>
In-Reply-To: <7.0.0.16.2.20060403095031.0574bc48@vigilsec.com>
From: Pasi.Eronen@nokia.com
To: housley@vigilsec.com, stefans@microsoft.com
Cc: tls@ietf.org
Subject: [TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)

Russ Housley wrote:
> 
> Pasi:
> 
> >4) tls-ume: Would it make sense to define two UserMappingData types,
> >    one for "user@domain" and another one for just "domain", instead
> >    of combining them in one type?
> 
> I do not think so.  The name is user@domain.  It would be meaningless 
> if only user was present, and it would be meaningless if only domain 
> was present.

I don't know if it's meaningless or not, but the current draft does 
say that 

   The UpnDomainHint MUST at least contain a non empty 
   user_principal_name or a non empty domain_name. The UpnDomainHint 
   MAY contain both user_principal_name and domain_name.

In other words, one of the fields can be empty. And since the 
user_principal_name field is of the form "user@domain",
it looks like the UpnDomainHint structure can actually contain
two _different_ domain names. In other words, the spec does
allow things like:

  UserMappingData {
    user_mapping_version = upn_domain_hint(0)
    UpnDomainHint {
      user_principal_name = "foo@example.com"
      domain_name = "bar.example.net"
    }
  }
    
But the draft currently does not explain what this would mean,
or what the domain-name-only hints are (perhaps they're "Host Mapping
Data" for host certificates instead of user certs, or something). 
This needs to be clarified.

Best regards,
Pasi
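
An added example, not part of this thread or of the draft itself: a small Python encoder/decoder for the UserMappingData shown above, plus a check that classifies a received hint as UPN-only, domain-only, consistent, or inconsistent, so a server can detect the two-different-domains case before using the hint to map a certificate to an account. It assumes each field is an opaque vector with a 2-byte length prefix and uses the upn_domain_hint(0) version value as quoted in the mail; both are assumptions, not text from the draft.

```python
import struct

# user_mapping_version value as quoted in the mail above (assumption: the
# draft's actual enum value may differ in later revisions).
UPN_DOMAIN_HINT = 0


def encode_user_mapping_data(upn: str, domain: str) -> bytes:
    """Encode UserMappingData { upn_domain_hint, UpnDomainHint { upn, domain } }.
    Assumes each field is an opaque<0..2^16-1> vector (2-byte length prefix)."""
    u, d = upn.encode("utf-8"), domain.encode("utf-8")
    return (bytes([UPN_DOMAIN_HINT])
            + struct.pack("!H", len(u)) + u
            + struct.pack("!H", len(d)) + d)


def decode_user_mapping_data(data: bytes) -> dict:
    """Parse the wire form back into its two fields, rejecting truncation."""
    if not data or data[0] != UPN_DOMAIN_HINT:
        raise ValueError("unsupported user_mapping_version")
    pos, fields = 1, []
    for _ in range(2):
        if pos + 2 > len(data):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack("!H", data[pos:pos + 2])
        pos += 2
        if pos + n > len(data):
            raise ValueError("truncated field")
        fields.append(data[pos:pos + n].decode("utf-8"))
        pos += n
    if pos != len(data):
        raise ValueError("trailing bytes after UpnDomainHint")
    return {"user_principal_name": fields[0], "domain_name": fields[1]}


def check_hint(hint: dict) -> str:
    """Apply the MUST/MAY rule quoted from the draft and flag the ambiguity
    raised in the mail: a UPN whose domain part differs from domain_name."""
    upn, domain = hint["user_principal_name"], hint["domain_name"]
    if not upn and not domain:
        return "invalid: both fields empty"
    if upn and "@" not in upn:
        return "invalid: user_principal_name is not of the form user@domain"
    if not upn:
        return "domain-only"
    if not domain:
        return "upn-only"
    if upn.rsplit("@", 1)[1].lower() != domain.lower():
        return "inconsistent: UPN domain differs from domain_name"
    return "consistent"
```

A server that treats the hint as untrusted client input can refuse or log the "inconsistent" and "invalid" cases rather than guessing which domain the client meant.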
