[TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)
"Stefan Santesson" <stefans@microsoft.com> Tue, 04 April 2006 09:24 UTC
Date: Tue, 04 Apr 2006 10:24:32 +0100
From: Stefan Santesson <stefans@microsoft.com>
To: Pasi.Eronen@nokia.com, housley@vigilsec.com
Cc: tls@ietf.org
Subject: [TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)
Will do.

Stefan Santesson
Program Manager, Standards Liaison
Windows Security

> -----Original Message-----
> From: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com]
> Sent: den 4 april 2006 11:17
> To: Stefan Santesson; housley@vigilsec.com
> Cc: tls@ietf.org
> Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
>
> Stefan,
>
> Thanks for the clarification. Please include text about this
> in the draft as well.
>
> Best regards,
> Pasi
>
> > -----Original Message-----
> > From: ext Stefan Santesson [mailto:stefans@microsoft.com]
> > Sent: 04 April, 2006 02:08
> > To: Russ Housley; Eronen Pasi (Nokia-NRC/Helsinki)
> > Cc: tls@ietf.org
> > Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
> >
> > Sometimes it is sufficient to specify the domain as the user name is
> > provided by the cert but that cert is used to access multiple accounts
> > in different domains. In other cases the full name@domain is needed.
> >
> > We chose to provide for both alternatives using the same hint type.
> > This works well and I would prefer to keep it that way.
> >
> > Stefan Santesson
> > Program Manager, Standards Liaison
> > Windows Security
> >
> > > -----Original Message-----
> > > From: Russ Housley [mailto:housley@vigilsec.com]
> > > Sent: den 3 april 2006 17:10
> > > To: Pasi.Eronen@nokia.com; Stefan Santesson
> > > Cc: tls@ietf.org
> > > Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
> > >
> > > Pasi:
> > >
> > > My comments were with respect to the user_principal_name within the
> > > UpnDomainHint. Sorry for being ambiguous.
> > >
> > > Russ
> > >
> > > >Russ Housley wrote:
> > > > >
> > > > > Pasi:
> > > > >
> > > > > >4) tls-ume: Would it make sense to define two UserMappingData types,
> > > > > >   one for "user@domain" and another one for just "domain", instead
> > > > > >   of combining them in one type?
> > > > >
> > > > > I do not think so. The name is user@domain. It would be meaningless
> > > > > if only user was present, and it would be meaningless if only domain
> > > > > was present.
> > > >
> > > >I don't know if it's meaningless or not, but the current draft does
> > > >say that
> > > >
> > > >   The UpnDomainHint MUST at least contain a non empty
> > > >   user_principal_name or a non empty domain_name. The UpnDomainHint
> > > >   MAY contain both user_principal_name and domain_name.
> > > >
> > > >In other words, one of the fields can be empty. And since the
> > > >user_principal_name field is of the form "user@domain",
> > > >it looks like the UpnDomainHint structure can actually contain
> > > >two _different_ domain names. In other words, the spec does
> > > >allow things like:
> > > >
> > > >   UserMappingData {
> > > >      user_mapping_version = upn_domain_hint(0)
> > > >      UpnDomainHint {
> > > >         user_principal_name = "foo@example.com"
> > > >         domain_name = "bar.example.net"
> > > >      }
> > > >   }
> > > >
> > > >But the draft currently does not explain what this would mean,
> > > >or what the domain-name-only hints are (perhaps they're "Host Mapping
> > > >Data" for host certificates instead of user certs, or something).
> > > >This needs to be clarified.
> > > >
> > > >Best regards,
> > > >Pasi
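
Added example, not part of the thread or the draft: a receiver-side check that enforces the quoted MUST rule and names the four field combinations discussed above, including the two-domain case. The wire layout (two opaque fields, each with a 2-byte big-endian length and UTF-8 content), the function names and the category labels are assumptions made for illustration.

```python
import struct

def encode_hint(upn: str, domain: str) -> bytes:
    """Build a hint body; assumed layout: two 2-byte-length-prefixed UTF-8 fields."""
    out = b""
    for field in (upn, domain):
        raw = field.encode("utf-8")
        out += struct.pack("!H", len(raw)) + raw
    return out

def parse_hint(body: bytes) -> tuple[str, str]:
    """Return (user_principal_name, domain_name), rejecting malformed lengths."""
    fields, off = [], 0
    for _ in range(2):
        if off + 2 > len(body):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if off + n > len(body):
            raise ValueError("field overruns hint body")
        fields.append(body[off:off + n].decode("utf-8"))
        off += n
    if off != len(body):
        raise ValueError("trailing bytes after domain_name")
    return fields[0], fields[1]

def classify_hint(upn: str, domain: str) -> str:
    """Apply the quoted MUST rule, then name which of the four cases this is."""
    if not upn and not domain:
        raise ValueError("need a non-empty user_principal_name or domain_name")
    upn_domain = ""
    if upn:
        user, sep, upn_domain = upn.rpartition("@")
        if not (user and sep and upn_domain):
            raise ValueError("user_principal_name is not user@domain")
    if not domain:
        return "upn-only"
    if not upn:
        return "domain-only"
    # Compare case-insensitively and ignore a trailing root dot.
    same = upn_domain.lower().rstrip(".") == domain.lower().rstrip(".")
    return "both-same-domain" if same else "both-different-domains"

# Constructed sample: the two-domain hint quoted in the thread.
SAMPLE = encode_hint("foo@example.com", "bar.example.net")

if __name__ == "__main__":
    print(classify_hint(*parse_hint(SAMPLE)))
```

What a server does with "both-different-domains" is a local policy decision; the thread leaves its meaning open.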