IETF Logo Mail Archive

Re: [TLS] [certid] review of draft-saintandre-tls-server-id-check-09

Peter Saint-Andre <stpeter@stpeter.im> Wed, 06 October 2010 20:54 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 21B5F3A71EB; Wed, 6 Oct 2010 13:54:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.552
X-Spam-Level:
X-Spam-Status: No, score=-102.552 tagged_above=-999 required=5 tests=[AWL=0.047, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rHrDFg0Scmi; Wed, 6 Oct 2010 13:54:42 -0700 (PDT)
Received: from stpeter.im (stpeter.im [207.210.219.233]) by core3.amsl.com (Postfix) with ESMTP id 2E6093A71FC; Wed, 6 Oct 2010 13:54:42 -0700 (PDT)
Received: from leavealone.cisco.com (72-163-0-129.cisco.com [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id D7C3540074; Wed, 6 Oct 2010 15:01:53 -0600 (MDT)
Message-ID: <4CACE24D.4060306@stpeter.im>
Date: Wed, 06 Oct 2010 14:55:41 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.9) Gecko/20100915 Thunderbird/3.1.4
MIME-Version: 1.0
To: IETF discussion list <ietf@ietf.org>, "tls@ietf.org" <tls@ietf.org>
References: <sdwrqpyo06.fsf@wjh.hardakers.net> <4C9A382F.80501@stpeter.im> <52B5123E-208D-44B6-BB95-92D5B44D4654@jpl.nasa.gov> <4CACE1C4.3000101@stpeter.im>
In-Reply-To: <4CACE1C4.3000101@stpeter.im>
X-Enigmail-Version: 1.1.1
OpenPGP: url=http://www.saint-andre.com/me/stpeter.asc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] [certid] review of draft-saintandre-tls-server-id-check-09
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2010 20:54:43 -0000

Double sorry, I meant to sent this only to the certid@ietf.org list:

https://www.ietf.org/mailman/listinfo/certid

On 10/6/10 2:53 PM, Peter Saint-Andre wrote:
> Sorry about the delayed reply, still catching up on list traffic here...
> 
> On 9/22/10 4:11 PM, Henry B. Hotz wrote:
>>
>> On Sep 22, 2010, at 10:09 AM, Peter Saint-Andre wrote:
>>
>>> 2.  A human user has explicitly agreed to trust a service that 
>>> provides mappings of source domains to target domains, such as a 
>>> dedicated discovery service or an identity service that securely 
>>> redirects requests from the source domain to a target domain 
>>> (however, such an arrangement is not encouraged and if a client 
>>> supports such a service then it needs to disable it by default and
>>> carefully warn the user about the possible negative consequences of
>>> trusting such a service).
>>
>>
>> Pure wordsmithing.  Make sure this still says what you want:
>>
>> 2.  A human user has explicitly agreed to trust a service that
>> provides mapping of source domains to target domains.  For example
>> the user may trust a dedicated discovery service or identity service
>> that securely redirects requests from the source to a target domain.
>>
>>
>> Such an arrangement is not encouraged.  If a client supports such a
>> service then it needs to disable it by default, and it MUST carefully
>> warn the user about the possible negative consequences of trusting
>> such a service.  
> 
> Just to close the loop, I think we had agreement to remove that
> paragraph, so no further wordsmithing required.
> 
> Peter
>

v2.23.0 | Report a Bug | By Email