Re: [TLS] Eleven out of every ten SSL certs aren't valid

aerowolf@gmail.com Wed, 30 June 2010 21:08 UTC

DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:date:message-id:subject:mime-version:content-type; b=xcT8vzZ0lTyJDLxc8qvQ2gLOlK01foMDE3V1E3XcFrs+DcknBG54cxvQwl8rhOjWZ+ F4LGhmjotSooy0snSwB+nkC8//roeUOjfmJY3p90be3OajUFwbGag+81deAcjFEVyL0S /E3vILIh79CKQT75K8tHMYLd9AKtWCZRumFOk=
From: aerowolf@gmail.com
To: Joshua Davies <joshua.davies@travelocity.com>
Date: Wed, 30 Jun 2010 14:08:35 -0700
Message-ID: <gb2nsbd7zdhn30iyccJYNxe982v3j_gmsm@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="gmsm0.4.7eqgb2nshwezsblf0hckr2"
Cc: tls@ietf.org
Subject: Re: [TLS] Eleven out of every ten SSL certs aren't valid
Precedence: list

On Tue, Jun 29, 2010 at 8:43 AM, Joshua Davies <joshua.davies@travelocity.com> wrote:

Well, ok, but... why listen on port 443 if you don't plan to support SSL in the first place? I doubt that http://oracle.com" target="_blank" rel="nofollow">oracle.com is being run from a shared-hosting site. Most likely it's Akamai that's doing something that doesn't mix well with TLS; Oracle may not care, but this, I would think, would be of some interest to the IETF TLS working group...

Does it matter if someone decides to use 443 for a purpose other than HTTP with TLS/SSL transport?

And besides, the entire concept of "valid certificates" isn't exactly one for tls@ietf.org, it's one for pkix@ietf.org. The people who have created a protocol which has a mode where neither party authenticates itself should not be held liable for sites that choose not to authenticate themselves in a manner based on an *informational* RFC.

-Kyle H

Attachment: smime.p7s

Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
[TLS] Eleven out of every ten SSL certs aren't va… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Adam Langley
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Joshua Davies
Re: [TLS] Eleven out of every ten SSL certs aren'… Yoav Nir
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Rob P Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Nikos Mavrogiannopoulos
Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Daskaluk
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Tim Dierks
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Jeffrey A. Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Bill Frantz
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Ivan Ristic
Re: [TLS] Eleven out of every ten SSL certs aren'… Florian Weimer
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Bruno Harbulot
Re: [TLS] Eleven out of every ten SSL certs aren'… Blumenthal, Uri - 0668 - MITLL
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Steffen Schulz
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… aerowolf
Re: [TLS] Eleven out of every ten SSL certs aren'… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Seth David Schoen
Re: [TLS] Eleven out of every ten SSL certs aren'… Nicolas Williams
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… Martin Rex
Re: [TLS] Eleven out of every ten SSL certs aren'… =JeffH
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] Eleven out of every ten SSL certs aren'… Steingruebl, Andy
[TLS] TLS, PKI, and web security. Was: Eleven out… Marsh Ray
Re: [TLS] Eleven out of every ten SSL certs aren'… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Robert Relyea
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Bruno Harbulot
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Robert Relyea
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Yoav Nir
Re: [TLS] TLS, PKI, Yoav Nir
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, Robert Relyea
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Steingruebl, Andy
Re: [TLS] TLS, PKI, Kyle Hamilton
Re: [TLS] TLS, PKI, Marsh Ray
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, Bruno Harbulot
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Marsh Ray
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Ralph Holz
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Yoav Nir
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Nasko Oskov
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Martin Rex
Re: [TLS] TLS, PKI, Peter Gutmann
Re: [TLS] TLS, PKI, and web security. Was: Eleven… Kyle Hamilton

Re: [TLS] Eleven out of every ten SSL certs aren't valid

Attachment: smime.p7s