[websec] #51: Clarification of section 2.4

"websec issue tracker" <trac+websec@trac.tools.ietf.org> Sat, 11 August 2012 21:22 UTC

#51: Clarification of section 2.4

 In 2.4, adding a phrase to the parenthetical comment in the big paragraph

    If the connection has no errors, the UA will then apply a new
    correctness check: Pin Validation.  To perform Pin Validation, the UA
    will compute the fingerprints of the SPKI structures in each
    certificate in the host's validated certificate chain.  (The UA
    ignores certificates whose SPKI cannot be taken in isolation and
    superfluous certificates in the chain that do not form part
    of the validating chain.)  The UA will then check that the set of
    these fingerprints intersects the set of fingerprints in that host's
    Pinning Metadata.  If there is set intersection, the UA continues
    with the connection as normal.  Otherwise, the UA MUST treat this Pin
    Failure as a non-recoverable error.

 Reporter:  Tom Ritter   |      Owner:  draft-ietf-websec-key-pinning@…
     Type:  defect       |     Status:  new
 Priority:  major        |  Milestone:
Component:  key-pinning  |    Version:
 Severity:  -            |   Keywords:

Ticket URL: <http://trac.tools.ietf.org/wg/websec/trac/ticket/51>
websec <http://tools.ietf.org/websec/>
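
The Pin Validation step quoted in the ticket, as an added example that is not part of the ticket or the draft: fingerprints are taken only from the validating chain, so a pin that matches a superfluous certificate the server happened to send does not count. The `Cert` class, the SHA-256/base64 fingerprint form, the name-based path building (no signature checks) and all sample data are assumptions made for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:                     # hypothetical stand-in for a parsed X.509 certificate
    subject: str
    issuer: str
    spki_der: Optional[bytes]   # None models an SPKI that cannot be taken in isolation

def spki_fingerprint(spki_der: bytes) -> str:
    # Assumption: SHA-256 over the DER-encoded SPKI, base64-encoded.
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def validating_chain(presented, trust_anchors):
    """Follow issuer names from the leaf (presented[0]) to a trust anchor.
    Certificates the server sent that are not on this path are dropped.
    Signature and expiry checks are assumed to have passed already."""
    by_subject = {c.subject: c for c in list(presented[1:]) + list(trust_anchors)}
    anchors = {c.subject for c in trust_anchors}
    chain, seen = [presented[0]], {presented[0].subject}
    while chain[-1].subject not in anchors:
        nxt = by_subject.get(chain[-1].issuer)
        if nxt is None or nxt.subject in seen:
            raise ValueError("no path to a trust anchor")
        chain.append(nxt)
        seen.add(nxt.subject)
    return chain

def pin_validate(presented, trust_anchors, pinned_fingerprints) -> bool:
    """True if the validating chain's SPKI fingerprints intersect the pins."""
    chain = validating_chain(presented, trust_anchors)
    fps = {spki_fingerprint(c.spki_der) for c in chain if c.spki_der is not None}
    return bool(fps & set(pinned_fingerprints))

# Constructed sample data: the byte strings stand in for real DER-encoded SPKIs.
ROOT = Cert("Root CA", "Root CA", b"constructed-spki-root")
INTER = Cert("Intermediate CA", "Root CA", b"constructed-spki-intermediate")
LEAF = Cert("www.example.test", "Intermediate CA", b"constructed-spki-leaf")
EXTRA = Cert("Unrelated CA", "Unrelated CA", b"constructed-spki-extra")
PRESENTED = [LEAF, INTER, EXTRA]   # EXTRA is sent by the server but validates nothing

if __name__ == "__main__":
    print(pin_validate(PRESENTED, [ROOT], {spki_fingerprint(INTER.spki_der)}))
    print(pin_validate(PRESENTED, [ROOT], {spki_fingerprint(EXTRA.spki_der)}))
```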