[TLS] RE: Last call comments for draft-santesson-tls-(ume-04, supp-00)
"Stefan Santesson" <stefans@microsoft.com> Tue, 04 April 2006 22:28 UTC
From: Stefan Santesson <stefans@microsoft.com>
To: Russ Housley <housley@vigilsec.com>, Pasi.Eronen@nokia.com
Cc: tls@ietf.org
I'm sorry if my text was unclear.

If you specify UPN, then domain is automatically included in the UPN.

I'm preparing a new text proposal. I will send it tomorrow morning.
That will include processing and normalization of the domain component
which is Unicode UTF-8 normalized with Nameprep.

Stefan Santesson
Program Manager, Standards Liaison
Windows Security

> -----Original Message-----
> From: Russ Housley [mailto:housley@vigilsec.com]
> Sent: den 4 april 2006 20:15
> To: Stefan Santesson; Pasi.Eronen@nokia.com
> Cc: tls@ietf.org
> Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
>
> It is okay with me, but your description does not match the
> text. Based on your note, the domain must be present, and the upn is
> optional. The text that Pasi quoted needs to be replaced with a
> sentence that says this.
>
> Then, you need to add a paragraph that explains the processing when
> only the domain is present, and then a paragraph that explains the
> processing when both the domain and the upn are present.
>
> Russ
>
>
> At 07:07 PM 4/3/2006, Stefan Santesson wrote:
> >Sometimes it is sufficient to specify the domain as the user name is
> >provided by the cert but that cert is used to access multiple accounts
> >in different domains. In other cases the full name@domain is needed.
> >
> >We chose to provide for both alternatives using the same hint type.
> >This works well and I would prefer to keep it that way.
> >
> >
> >Stefan Santesson
> >Program Manager, Standards Liaison
> >Windows Security
> >
> >
> > > -----Original Message-----
> > > From: Russ Housley [mailto:housley@vigilsec.com]
> > > Sent: den 3 april 2006 17:10
> > > To: Pasi.Eronen@nokia.com; Stefan Santesson
> > > Cc: tls@ietf.org
> > > Subject: RE: Last call comments for draft-santesson-tls-(ume-04,supp-00)
> > >
> > > Pasi:
> > >
> > > My comments were with respect to the user_principal_name within the
> > > UpnDomainHint. Sorry for being ambiguous.
> > >
> > > Russ
> > >
> > >
> > > >Russ Housley wrote:
> > > > >
> > > > > Pasi:
> > > > >
> > > > > >4) tls-ume: Would it make sense to define two UserMappingData types,
> > > > > > one for "user@domain" and another one for just "domain", instead
> > > > > > of combining them in one type?
> > > > >
> > > > > I do not think so. The name is user@domain. It would be meaningless
> > > > > if only user was present, and it would be meaningless if only domain
> > > > > was present.
> > > >
> > > >I don't know if it's meaningless or not, but the current draft does
> > > >say that
> > > >
> > > >   The UpnDomainHint MUST at least contain a non empty
> > > >   user_principal_name or a non empty domain_name. The UpnDomainHint
> > > >   MAY contain both user_principal_name and domain_name.
> > > >
> > > >In other words, one of the fields can be empty. And since the
> > > >user_principal_name field is of the form "user@domain",
> > > >it looks like the UpnDomainHint structure can actually contain
> > > >two _different_ domain names. In other words, the spec does
> > > >allow things like:
> > > >
> > > >   UserMappingData {
> > > >     user_mapping_version = upn_domain_hint(0)
> > > >     UpnDomainHint {
> > > >       user_principal_name = "foo@example.com"
> > > >       domain_name = "bar.example.net"
> > > >     }
> > > >   }
> > > >
> > > >But the draft currently does not explain what this would mean,
> > > >or what the domain-name-only hints are (perhaps they're "Host Mapping
> > > >Data" for host certificates instead of user certs, or something).
> > > >This needs to be clarified.
> > > >
> > > >Best regards,
> > > >Pasi
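Added example, not part of the original message or of the draft: a receiver-side check that sorts a UpnDomainHint into the cases discussed in this thread, including the two-different-domains case the draft leaves undefined. The wire layout (two opaque<0..2^16-1> vectors) and the function names are assumptions made for illustration; domains are compared after Nameprep, as the message proposes.

```python
import struct
from encodings.idna import nameprep  # standard-library Nameprep profile

def encode_hint(upn: str, domain: str) -> bytes:
    """Build the assumed wire form: two length-prefixed UTF-8 vectors."""
    out = b""
    for s in (upn, domain):
        raw = s.encode("utf-8")
        out += struct.pack("!H", len(raw)) + raw
    return out

def parse_hint(buf: bytes) -> tuple[str, str]:
    """Parse (user_principal_name, domain_name); reject malformed input."""
    fields, off = [], 0
    for _ in range(2):
        if off + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if off + n > len(buf):
            raise ValueError("vector overruns buffer")
        fields.append(buf[off:off + n].decode("utf-8"))
        off += n
    if off != len(buf):
        raise ValueError("trailing bytes after UpnDomainHint")
    return fields[0], fields[1]

def norm_domain(domain: str) -> str:
    """Nameprep each label so comparison ignores case and Unicode form."""
    return ".".join(nameprep(label) for label in domain.rstrip(".").split("."))

def classify_hint(upn: str, domain: str) -> str:
    if not upn and not domain:
        return "invalid: both fields empty"
    if not upn:
        return "domain-only"
    user, sep, upn_domain = upn.rpartition("@")
    if not (user and sep and upn_domain):
        return "invalid: malformed upn"
    if not domain:
        return "upn-only"
    if norm_domain(upn_domain) == norm_domain(domain):
        return "both-same-domain"
    return "both-different-domains"  # meaning not defined by the draft

if __name__ == "__main__":
    # Constructed sample: the hint quoted in the thread.
    wire = encode_hint("foo@example.com", "bar.example.net")
    print(classify_hint(*parse_hint(wire)))
```
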