Re: [TLS] X509 extension to specify use for only one origin?
Sean Leonard <dev+ietf@seantek.com> Fri, 11 March 2016 02:06 UTC
Return-Path: <dev+ietf@seantek.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C600A12DFB2 for <tls@ietfa.amsl.com>; Thu, 10 Mar 2016 18:06:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nU-QoK3J1EUy for <tls@ietfa.amsl.com>; Thu, 10 Mar 2016 18:06:43 -0800 (PST)
Received: from mxout-08.mxes.net (mxout-08.mxes.net [216.86.168.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5062912DFB0 for <tls@ietf.org>; Thu, 10 Mar 2016 18:06:43 -0800 (PST)
Received: from [192.168.123.7] (unknown [75.83.2.34]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 55CF1509B5 for <tls@ietf.org>; Thu, 10 Mar 2016 21:06:42 -0500 (EST)
To: tls@ietf.org
References: <E52FE3EA-AC0A-4CEA-885F-E6558889170F@bblfish.net> <CABcZeBN4zaencMb=TKuB4Qk3B2b09D7Vv=XR2LZvSDRLwng0pw@mail.gmail.com> <7656CF21-B80B-4378-8248-80F4A596151E@bblfish.net> <CABcZeBMGFWaDDPqnzjPRxmYAdyaX_yh+xe5nhpfM2gCpbUn7_Q@mail.gmail.com> <5dd98cb1073c46dd9a69f7ecd6450126@usma1ex-dag1mb1.msg.corp.akamai.com>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <56E227A7.7010300@seantek.com>
Date: Thu, 10 Mar 2016 18:04:23 -0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <5dd98cb1073c46dd9a69f7ecd6450126@usma1ex-dag1mb1.msg.corp.akamai.com>
Content-Type: multipart/alternative; boundary="------------040604070604070906050108"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/MS_MmuvI6LN0hnQDNNOGEIL_jGY>
Subject: Re: [TLS] X509 extension to specify use for only one origin?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Mar 2016 02:06:45 -0000
I think it is interesting. A good place to take it up is the pkix mailing list anyway. See what people say. As far as experimenting, it is not difficult to create a new X.509/PKIX extension. Just create an OID for your experimental use in whatever arc you have at your disposal, and go. Sean On 3/9/2016 8:41 AM, Salz, Rich wrote: > > On the other hand, while it’s not a TLS issue per-se, this is the > place most likely to have folks who care and are interested. > > -- > > Senior Architect, Akamai Technologies > > IM: richsalz@jabber.at Twitter: RichSalz > >
- [TLS] X509 extension to specify use for only one … Henry Story
- Re: [TLS] X509 extension to specify use for only … Eric Rescorla
- Re: [TLS] X509 extension to specify use for only … Henry Story
- Re: [TLS] X509 extension to specify use for only … Eric Rescorla
- Re: [TLS] X509 extension to specify use for only … Salz, Rich
- Re: [TLS] X509 extension to specify use for only … Sean Leonard