[TLS] Reply: Re: concerns about draft-balfanz-tls-obc

zhou.sujing@zte.com.cn Fri, 18 November 2011 09:44 UTC

Return-Path: <zhou.sujing@zte.com.cn>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A037821F8549 for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 01:44:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -96.615
X-Spam-Level:
X-Spam-Status: No, score=-96.615 tagged_above=-999 required=5 tests=[AWL=-3.825, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, SARE_SUB_ENC_GB2312=1.345, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fyyWIRl3nCF for <tls@ietfa.amsl.com>; Fri, 18 Nov 2011 01:44:18 -0800 (PST)
Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 9FB9421F850B for <tls@ietf.org>; Fri, 18 Nov 2011 01:44:17 -0800 (PST)
Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 566901626001193; Fri, 18 Nov 2011 17:32:11 +0800 (CST)
Received: from [10.30.3.20] by [192.168.168.16] with StormMail ESMTP id 76252.3121279582; Fri, 18 Nov 2011 17:43:58 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id pAI9i61c084532; Fri, 18 Nov 2011 17:44:06 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn)
In-Reply-To: <CAJU7zaL53sFXAV3BOk_+vb8_DhWYU5sQL56rGowA=kFz0X6i2A@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
MIME-Version: 1.0
X-KeepSent: 600653FF:BB3D96FD-4825794C:0035462E; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OF600653FF.BB3D96FD-ON4825794C.0035462E-4825794C.00357B59@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Fri, 18 Nov 2011 17:43:51 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2011-11-18 17:44:08, Serialize complete at 2011-11-18 17:44:08
Content-Type: multipart/alternative; boundary="=_alternative 00357B584825794C_="
X-MAIL: mse01.zte.com.cn pAI9i61c084532
Cc: n.mavrogiannopoulos@gmail.com, tls@ietf.org
Subject: [TLS] Reply: Re: concerns about draft-balfanz-tls-obc
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Nov 2011 09:44:18 -0000

n.mavrogiannopoulos@gmail.com wrote on 2011-11-18 17:19:21:

> On Fri, Nov 18, 2011 at 10:10 AM,  <zhou.sujing@zte.com.cn> wrote:
> > Hi,
> >    I don't think the origin-bound-certificate is meaningful.
> >    The reasons are:
> >    1. A CA-signed client certificate is used to authenticate the client user;
> > now it is replaced by a self-signed certificate, so how can a server trust or
> > authenticate a self-confirmed user?
> 
> Isn't that the current situation on web sites? Aren't all popular web
> sites' users self-confirmed?

Not in the case of a bank website.
The certificate may be signed by the bank, but definitely not by the client
user themselves.
> 
> >    2. If client authentication is not required, then there is no need
> > to send a self-signed certificate either.
> 
> I don't think that the draft asks for client to be authenticated when
> client authentication is not required.
> 
> >    3. For the goal of binding a cookie to a self-signed certificate, the
> > ordinary CA-signed certificates also work.
> 
> At a cost that no-one is willing to pay (not only monetary, but also
> the cost of proving yourself to the CA --or the CA will allow
> self-confirmation to the users? :).
> 
> regards,
> Nikos
> 



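The exchange above argues about whether a self-signed origin-bound certificate is "meaningful" and whether a CA signature is needed to bind a cookie to it. As an added example (not code from the draft or from either poster), the following is a simplified model of what the server actually needs for that binding: a fingerprint of whatever certificate the client proved possession of during the TLS handshake, used as an input to the cookie's MAC. The fingerprint function, server key and user names are constructed inline for the demonstration; the assumption that the application sees a SHA-256 fingerprint of the client certificate after the handshake is mine, not the draft's.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def new_client_cert_fingerprint() -> bytes:
    """Constructed stand-in for an origin-bound (self-signed) client certificate.

    After the TLS handshake the server only needs a stable identifier for the
    key pair the client proved possession of, so this model uses a SHA-256
    fingerprint of a random byte string in place of a real DER certificate.
    """
    constructed_der = secrets.token_bytes(64)  # not a real certificate
    return hashlib.sha256(constructed_der).digest()


def _cookie_payload(nonce: bytes, user: str, cert_fp: bytes) -> bytes:
    # Length-prefix the user name so the MAC input is unambiguous.
    user_bytes = user.encode("utf-8")
    return nonce + len(user_bytes).to_bytes(2, "big") + user_bytes + cert_fp


def issue_bound_cookie(server_key: bytes, user: str, cert_fp: bytes) -> str:
    """Server side: mint a session cookie bound to the presenting certificate.

    The HMAC covers the user name *and* the certificate fingerprint, so the
    cookie only verifies when replayed over a channel whose client certificate
    has the same fingerprint. Who signed that certificate never enters the MAC.
    """
    if "." in user:
        raise ValueError("user name must not contain the cookie separator '.'")
    nonce = secrets.token_bytes(16)
    tag = hmac.new(server_key, _cookie_payload(nonce, user, cert_fp), hashlib.sha256).digest()
    return ".".join([nonce.hex(), user, tag.hex()])


def verify_bound_cookie(server_key: bytes, cookie: str, channel_fp: bytes) -> Optional[str]:
    """Server side: accept only if the MAC verifies against the fingerprint of
    the certificate seen on the *current* connection. Returns the user name on
    success and None otherwise."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    try:
        nonce = bytes.fromhex(parts[0])
        tag = bytes.fromhex(parts[2])
    except ValueError:
        return None
    user = parts[1]
    expected = hmac.new(server_key, _cookie_payload(nonce, user, channel_fp), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return user


def simulate_cookie_theft() -> dict:
    """Three scenarios on one cookie: the legitimate client, an attacker who
    stole the cookie but holds a different key pair, and a tampered user name."""
    server_key = secrets.token_bytes(32)
    alice_fp = new_client_cert_fingerprint()    # Alice's browser-generated key
    mallory_fp = new_client_cert_fingerprint()  # attacker's own key pair
    cookie = issue_bound_cookie(server_key, "alice", alice_fp)
    return {
        "legit": verify_bound_cookie(server_key, cookie, alice_fp),
        "stolen_cookie_other_cert": verify_bound_cookie(server_key, cookie, mallory_fp),
        "tampered_user": verify_bound_cookie(server_key, cookie.replace("alice", "admin"), alice_fp),
    }


if __name__ == "__main__":
    print(simulate_cookie_theft())
```

The verification step never asks who signed the certificate; it only asks whether the key that was present when the cookie was issued is the key on this connection, which is the sense in which a self-signed certificate is sufficient for binding. It does not, by itself, establish who the user is: that still has to happen (password, bank-issued certificate, or otherwise) before the server mints the cookie, which is the distinction the two posters are disputing.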