[Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt


It seems that most of the issues brought up in last call are resolved or
nearly resolved in draft-simon-emu-rfc2716bis-06.txt.  The one area
where we need more discussion is section 5.2 on certificate usage.
Below are the remaining open issues I have tracked with this section;
please indicate if there are others with this section or other sections
that I have missed.

1. Use of TLS-WWW EKU 

The question was raised that the TLS WWW EKU may not be appropriate for
EAP-TLS.  The suggestion was made to remove the text on EKU.  Are
members of the working group in favor of removing this text? 

2. Discussion of naming

This section recommends

"Where the subjectAltName field is present, the Peer-Id or Server-Id
is set to the contents of the subjectAltName.  If subject naming
information is present only in the subject field, then the Peer-Id or
Server-Id is set to the Distinguished Name (DN)." 

It is possible that more than one subjectAltName may be present in a
certificate.  Are there any rules as to how this is represented as a
Peer name?  Also, would it be more consistent to use the DN unless it is
empty?  

3. Discussion of authorization

The later part of this section seems to discuss authorization.  A
suggestion for revised text was made in
http://www1.ietf.org/mail-archive/web/emu/current/msg00309.html.  Does
the suggested text convey the necessary information? 


_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu
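
The section 5.2 naming rule quoted in issue 2, as an added Go example that is not part of the original message or the draft: it lists every identity the rule could yield for a certificate, which makes the multiple-subjectAltName ambiguity concrete. The function names, the throwaway sample certificates, and the choice to list rfc822Name before dNSName entries are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// candidateIDs applies the quoted rule: subjectAltName contents when present,
// otherwise the subject DN. Only rfc822Name and dNSName entries are covered here.
func candidateIDs(c *x509.Certificate) []string {
	ids := append([]string{}, c.EmailAddresses...)
	ids = append(ids, c.DNSNames...)
	if len(ids) == 0 {
		ids = append(ids, c.Subject.String()) // no SAN: fall back to the DN
	}
	return ids
}

// selfSigned builds a throwaway certificate (constructed sample data).
func selfSigned(cn string, emails, dns []string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		EmailAddresses: emails, DNSNames: dns}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

func main() {
	// Two SAN entries: the rule as quoted yields two candidate Peer-Ids.
	fmt.Println(candidateIDs(selfSigned("alice", []string{"alice@example.org"}, []string{"laptop.example.org"})))
	fmt.Println(candidateIDs(selfSigned("bob", nil, nil))) // DN only
}
```

A result with more than one entry is the case the quoted text leaves open: an implementation has to pick one, and two implementations may pick differently.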



