Re: [Uta] Client Certificates in RFC 7925
"Olle E. Johansson" <oej@edvina.net> Wed, 27 May 2020 07:04 UTC
Return-Path: <oej@edvina.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 481B93A09EB for <uta@ietfa.amsl.com>; Wed, 27 May 2020 00:04:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FL_P0UsRndKv for <uta@ietfa.amsl.com>; Wed, 27 May 2020 00:04:39 -0700 (PDT)
Received: from smtp7.webway.se (smtp7.webway.se [212.3.14.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E5B63A09D9 for <uta@ietf.org>; Wed, 27 May 2020 00:04:38 -0700 (PDT)
Received: from pinguicula.webway.org (h-205-16.A165.corp.bahnhof.se [176.10.205.16]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp7.webway.se (Postfix) with ESMTPSA id 036DD2182; Wed, 27 May 2020 09:04:34 +0200 (CEST)
From: "Olle E. Johansson" <oej@edvina.net>
Message-Id: <855F8C11-9E5B-4F40-8A5C-4A2C6228A044@edvina.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_01A81873-466D-4B4D-A6DB-4FFAF8871E0C"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Date: Wed, 27 May 2020 09:04:33 +0200
In-Reply-To: <AM0PR08MB3716A9348B73532B1E391B4BFAB10@AM0PR08MB3716.eurprd08.prod.outlook.com>
Cc: Olle E Johansson <oej@edvina.net>, "uta@ietf.org" <uta@ietf.org>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
References: <AM0PR08MB3716A9348B73532B1E391B4BFAB10@AM0PR08MB3716.eurprd08.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/TVYcqC4ofnB1BkOaV1Zt-92pmaI>
Subject: Re: [Uta] Client Certificates in RFC 7925
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 07:04:42 -0000
> On 27 May 2020, at 08:49, Hannes Tschofenig <Hannes.Tschofenig@arm.com <mailto:Hannes.Tschofenig@arm.com>> wrote: > > Hi all, > > I wanted to bring up another topic that may need to be clarified in draft-tschofenig-uta-tls13-profile-04 > > RFC 7925 says the following about client certificates: > > <> > “4.4.2 <https://tools.ietf.org/html/rfc7925#section-4.4.2>. Certificates Used by Clients > > For client certificates, the identifier used in the SubjectAltName or > in the leftmost CN component of subject name MUST be an EUI-64. > “ > Hmm. It doesn’t say how to include it in SAN fields. Anyone that understand how? > It turns out that many IoT deployments use identifiers different than EUI-64 numbers, and populate these identifiers in other places in the X.509 certificate. Agree > > I believe we have to update this recommendation to match deployment reality. > Sounds like a fair plan. /O
- [Uta] Client Certificates in RFC 7925 Hannes Tschofenig
- Re: [Uta] Client Certificates in RFC 7925 Olle E. Johansson