Re: [TLS] Verifying X.509 Certificate Chains out of order

Axel.Heider@gi-de.com Tue, 07 October 2008 10:24 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id ADED628C16C; Tue, 7 Oct 2008 03:24:31 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C658C28C16C for <tls@core3.amsl.com>; Tue, 7 Oct 2008 03:24:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQvMg-gwSXM3 for <tls@core3.amsl.com>; Tue, 7 Oct 2008 03:24:30 -0700 (PDT)
Received: from mail.gi-de.com (mail.gi-de.com [193.108.184.25]) by core3.amsl.com (Postfix) with ESMTP id A4F9628C171 for <tls@ietf.org>; Tue, 7 Oct 2008 03:24:29 -0700 (PDT)
Received: from notessmtp1.domino.intern [10.4.4.49] by mail.gi-de.com id 00SXYD8J outgoing id 00SXYD8J; 07 Oct 2008 12:25:06 +0200
In-Reply-To: <E1Kmme1-0007As-9b@wintermute01.cs.auckland.ac.nz>
To: tls@ietf.org
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.3 HF655 May 16, 2008
Message-ID: <OFA7C97F56.78A3A28A-ONC12574DB.0038CFDF-C12574DB.00393A93@gi-de.com>
From: Axel.Heider@gi-de.com
Date: Tue, 7 Oct 2008 12:25:03 +0200
X-MIMETrack: Serialize by Router on NOTESSMTP1/SRV/GuD at 07.10.2008 12:25:06, Serialize complete at 07.10.2008 12:25:06
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

> I'd say modify it, in fact I'm not sure what the rationale for requiring 

> ordering was in the original spec, "it's tidier that way" doesn't strike 
me as 
> a good argument :-).

Consider TLS on low-end or embeddede devices with limited ressources. 
Walking through the chain becomes difficult or even impossible if 
there is no order. 

regards, 
Axel Heider
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls