Re: [TLS] Re: Russ Housley: Fwd: problems with draft-ietf-tls-openpgp-keys-10.txt

Eric Rescorla <ekr@networkresonance.com> Wed, 28 June 2006 22:38 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fvifs-0008Jz-TN; Wed, 28 Jun 2006 18:38:20 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fvifr-00088A-IJ for tls@lists.ietf.org; Wed, 28 Jun 2006 18:38:19 -0400
Received: from raman.networkresonance.com ([198.144.196.3]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fvifq-0005eG-7f for tls@lists.ietf.org; Wed, 28 Jun 2006 18:38:19 -0400
Received: by raman.networkresonance.com (Postfix, from userid 1001) id 776BE1E8C1F; Wed, 28 Jun 2006 15:38:17 -0700 (PDT)
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Subject: Re: [TLS] Re: Russ Housley: Fwd: problems with draft-ietf-tls-openpgp-keys-10.txt
References: <20060626203923.59F81222426@laser.networkresonance.com> <200606270659.37003.nmav@gnutls.org> <p0623091bc0c6e270e1f7@[128.89.89.106]> <200606290020.10111.nmav@gnutls.org>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Wed, 28 Jun 2006 15:38:17 -0700
In-Reply-To: <200606290020.10111.nmav@gnutls.org> (Nikos Mavrogiannopoulos's message of "Thu, 29 Jun 2006 00:20:09 +0200")
Message-ID: <86y7vg52jq.fsf@raman.networkresonance.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
Cc: tls@lists.ietf.org, Stephen Kent <kent@bbn.com>
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: EKR <ekr@networkresonance.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Nikos Mavrogiannopoulos <nmav@gnutls.org>; writes:
> On Wed 28 Jun 2006 15:48, Stephen Kent wrote:
>> >RFC2818 is a document that proposes a way on how to use HTTP over
>> > TLS. This is not the purpose of this document.
>
>> TLS is the IETF version of SSL.  SSL, like PGP (vs. OPGP) was not
>> born in a standards environment, but rather existed prior to IETF
>> involvement. The description of how to use the ID data from an X.509
>> cert to provide authentication for a web server is an important part
>> of the semantics of SSL and TLS. 
>
> I disagree with that. Why do I have to cope with HTTP? I didn't write
> this extension to use openpgp keys with web browsers. Sure this could be
> done, but then the ones that need this functionality should write the
> rules. I am not interested in that.

I think I have to agree with Nikos here. TLS (2246 and 4346) are
deliberately agnostic about how to determine whether a certificate
matches the expected client or server. That is relegated to 
the upper layer protocol, in the case of HTTP it's described
in RFC 2818. So, I don't think that the document in question
needs to specify this.

-Ekr




_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls