Re: [TLS] Update spec to match current practices for certificate chain order

Fabrice Gautier <fabrice.gautier@gmail.com> Thu, 07 May 2015 19:21 UTC

To: Dave Garrett <davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/E11fDxjFR9NmXwgb95UKUM0b29w>
Cc: "tls@ietf.org" <tls@ietf.org>


> On May 7, 2015, at 11:35, Dave Garrett <davemgarrett@gmail.com> wrote:
> 
> so either the spec needs updating to reality or everyone should be adding new security errors to break it. The former makes more sense.

How about fixing the servers?

-- Fabrice