[TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)

"Stefan Santesson" <stefans@microsoft.com> Mon, 03 April 2006 23:08 UTC

Date: Tue, 04 Apr 2006 00:07:55 +0100
Message-ID: <BF9309599A71984CAC5BAC5ECA629944048E9907@EUR-MSG-11.europe.corp.microsoft.com>
From: Stefan Santesson <stefans@microsoft.com>
To: Russ Housley <housley@vigilsec.com>, Pasi.Eronen@nokia.com
Cc: tls@ietf.org
Subject: [TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)

Sometimes it is sufficient to specify the domain as the user name is
provided by the cert but that cert is used to access multiple accounts
in different domains. In other cases the full name@domain is needed.

We chose to provide for both alternatives using the same hint type.
This works well and I would prefer to keep it that way.


Stefan Santesson
Program Manager, Standards Liaison
Windows Security


> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: den 3 april 2006 17:10
> To: Pasi.Eronen@nokia.com; Stefan Santesson
> Cc: tls@ietf.org
> Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
> 
> Pasi:
> 
> My comments were with respect to the user_principal_name within the
> UpnDomainHint.  Sorry for being ambiguous.
> 
> Russ
> 
> 
> >Russ Housley wrote:
> > >
> > > Pasi:
> > >
> > > >4) tls-ume: Would it make sense to define two UserMappingData types,
> > > >    one for "user@domain" and another one for just "domain", instead
> > > >    of combining them in one type?
> > >
> > > I do not think so.  The name is user@domain.  It would be meaningless
> > > if only user was present, and it would be meaningless if only domain
> > > was present.
> >
> >I don't know if it's meaningless or not, but the current draft does
> >say that
> >
> >    The UpnDomainHint MUST at least contain a non empty
> >    user_principal_name or a non empty domain_name. The UpnDomainHint
> >    MAY contain both user_principal_name and domain_name.
> >
> >In other words, one of the fields can be empty. And since the
> >user_principal_name field is of the form "user@domain",
> >it looks like the UpnDomainHint structure can actually contain
> >two _different_ domain names. In other words, the spec does
> >allow things like:
> >
> >   UserMappingData {
> >     user_mapping_version = upn_domain_hint(0)
> >     UpnDomainHint {
> >       user_principal_name = "foo@example.com"
> >       domain_name = "bar.example.net"
> >     }
> >   }
> >
> >But the draft currently does not explain what this would mean,
> >or what the domain-name-only hints are (perhaps they're "Host Mapping
> >Data" for host certificates instead of user certs, or something).
> >This needs to be clarified.
> >
> >Best regards,
> >Pasi


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
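The UpnDomainHint case Pasi describes, as an added example that is not part of the thread or of the draft: a small Python encoder/decoder for UserMappingData with the upn_domain_hint type, plus a check that applies the MUST quoted above and reports when the domain in user_principal_name and the separate domain_name disagree. The wire layout (one-byte user_mapping_version, then two 16-bit-length-prefixed opaque vectors) and the function names are assumptions made for this example.

```python
import struct

UPN_DOMAIN_HINT = 0  # user_mapping_version value quoted in the thread


def encode_upn_domain_hint(user_principal_name: str, domain_name: str) -> bytes:
    # Assumed layout: one-byte user_mapping_version, then two opaque<0..2^16-1>
    # vectors, each a 16-bit big-endian length followed by the bytes.
    upn = user_principal_name.encode("utf-8")
    dom = domain_name.encode("utf-8")
    return (struct.pack("!B", UPN_DOMAIN_HINT)
            + struct.pack("!H", len(upn)) + upn
            + struct.pack("!H", len(dom)) + dom)


def decode_upn_domain_hint(data: bytes) -> tuple:
    # Parse the layout above, rejecting truncated input and trailing bytes.
    if not data or data[0] != UPN_DOMAIN_HINT:
        raise ValueError("unsupported user_mapping_version")
    pos, fields = 1, []
    for _ in range(2):
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from("!H", data, pos)
        pos += 2
        if pos + length > len(data):
            raise ValueError("truncated vector")
        fields.append(data[pos:pos + length].decode("utf-8"))
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after UpnDomainHint")
    return fields[0], fields[1]


def check_upn_domain_hint(user_principal_name: str, domain_name: str) -> str:
    # Enforce the draft's MUST, then classify the hint as "domain-only",
    # "upn-only", "consistent" or "conflict". "conflict" is the case Pasi
    # raises (two different domains); a server should log or reject it
    # rather than silently picking one of the two names.
    if not user_principal_name and not domain_name:
        raise ValueError("UpnDomainHint MUST carry a non-empty field")
    if not user_principal_name:
        return "domain-only"
    if "@" not in user_principal_name:
        raise ValueError("user_principal_name is not of the form user@domain")
    upn_domain = user_principal_name.rsplit("@", 1)[1]
    if not domain_name:
        return "upn-only"
    return "consistent" if upn_domain.lower() == domain_name.lower() else "conflict"
```

The domain comparison is a plain case-insensitive string match; a deployment that accepts internationalized domain names would need to normalize both sides first.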