[websec] #51: Clarification of section 2.4
"websec issue tracker" <trac+websec@trac.tools.ietf.org> Sat, 11 August 2012 21:22 UTC
Return-Path: <trac+websec@trac.tools.ietf.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E580111E8097 for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 14:22:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.317
X-Spam-Level:
X-Spam-Status: No, score=-102.317 tagged_above=-999 required=5 tests=[AWL=0.282, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XjQDSdoGaN1b for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 14:22:38 -0700 (PDT)
Received: from grenache.tools.ietf.org (grenache.tools.ietf.org [77.72.230.30]) by ietfa.amsl.com (Postfix) with ESMTP id EB4F111E8087 for <websec@ietf.org>; Sat, 11 Aug 2012 14:22:37 -0700 (PDT)
Received: from localhost ([127.0.0.1]:49681 helo=grenache.tools.ietf.org ident=www-data) by grenache.tools.ietf.org with esmtp (Exim 4.77) (envelope-from <trac+websec@trac.tools.ietf.org>) id 1T0J8m-00036K-J4; Sat, 11 Aug 2012 23:22:36 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: websec issue tracker <trac+websec@trac.tools.ietf.org>
X-Trac-Version: 0.12.2
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.12.2, by Edgewall Software
To: draft-ietf-websec-key-pinning@tools.ietf.org
X-Trac-Project: websec
Date: Sat, 11 Aug 2012 21:22:36 -0000
X-URL: http://tools.ietf.org/websec/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/websec/trac/ticket/51
Message-ID: <051.e05eae1872f8f91c7be05e9dcd2eafec@trac.tools.ietf.org>
X-Trac-Ticket-ID: 51
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Rcpt-To: draft-ietf-websec-key-pinning@tools.ietf.org, websec@ietf.org
X-SA-Exim-Mail-From: trac+websec@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on grenache.tools.ietf.org); SAEximRunCond expanded to false
Resent-To: cevans@google.com, palmer@google.com
Resent-Message-Id: <20120811212237.EB4F111E8087@ietfa.amsl.com>
Resent-Date: Sat, 11 Aug 2012 14:22:37 -0700
Resent-From: trac+websec@trac.tools.ietf.org
Cc: websec@ietf.org
Subject: [websec] #51: Clarification of section 2.4
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Aug 2012 21:22:39 -0000
#51: Clarification of section 2.4
In 2.4, adding a phrase to the parenthetical comment in the big paragraph
:
If the connection has no errors, the UA will then apply a new
correctness check: Pin Validation. To perform Pin Validation, the UA
will compute the fingerprints of the SPKI structures in each
certificate in the host's validated certificate chain. (The UA
ignores certificates whose SPKI cannot be taken in isolation and
superfluous certificates in the chain that do not form part
of the validating chain.) The UA will then check that the set of
these fingerprints intersects the set of fingerprints in that host's
Pinning Metadata. If there is set intersection, the UA continues
with the connection as normal. Otherwise, the UA MUST treat this Pin
Failure as a non-recoverable error.
--
-------------------------+---------------------------------------------
Reporter: Tom Ritter | Owner: draft-ietf-websec-key-pinning@…
Type: defect | Status: new
Priority: major | Milestone:
Component: key-pinning | Version:
Severity: - | Keywords:
-------------------------+---------------------------------------------
Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/51>
websec <http://tools.ietf.org/websec/>
- [websec] #51: Clarification of section 2.4 websec issue tracker
- Re: [websec] #51: Clarification of section 2.4 websec issue tracker
- Re: [websec] #51: Clarification of section 2.4 (i… websec issue tracker