RFC 3280bis and URI schemes without hostname

Sam Hartman <hartmans-ietf@mit.edu> Thu, 29 November 2007 21:58 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: ietf-pkix@imc.org
Subject: RFC 3280bis and URI schemes without hostname
Date: Thu, 29 Nov 2007 14:39:39 -0500
Message-ID: <tslwss04z9g.fsf@mit.edu>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>

Folks, I seem to have dropped the ball on rfc3280bis.

It's my understanding that the comments I raised have been addressed.

I do have one comment that I failed to raise earlier.  I'm going to
raise it now, but I'm going to send the document to IETF last call.
Any changes regarding this comment are going to be minor and we can
call them out on the ietf list.

RFC 3286 does not require that schemes have an authority component.
For example take a look at RFC 4622.  It does support authority
components, but if I were going to issue a certificate for an XMPP
identity I would actually expect that which server the end user
authenticates to would not be important for whether they were
reaching a given subject.  Other URIs simply don't use authority.
However the URI in subjectAltName requires the host portion to be
present, which requires an authority section.

I'd like the WG to consider what to do about this.  Options include:

* Decide that this name type is not appropriate for URI schemes that tend not to use authorities.

* Relax the rules.  I strongly urge the WG not to take on the task of name constraints for URIs without authority in this document.

Thanks for your consideration,

--Sam
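To make the gap Sam describes concrete, here is an added example (not part of the message or of any RFC text) that classifies a subjectAltName URI by whether it carries the authority section RFC 3280 requires for the host, and then applies a host-based name constraint the way RFC 3280 section 4.2.1.11 does for URIs. The sample URIs are constructed; `xmpp:juliet@example.com` is the RFC 4622 style of identity the message has in mind.

```python
from urllib.parse import urlsplit


def san_uri_host(uri):
    """Return (status, host) for a uniformResourceIdentifier subjectAltName.

    status is 'relative' (no scheme; never allowed), 'no-authority' (scheme
    present but no '//' section, e.g. xmpp:juliet@example.com), 'no-host'
    (authority present but empty host, e.g. file:///etc/hosts) or 'ok'.
    Only 'ok' satisfies the RFC 3280 requirement that the host be present.
    """
    parts = urlsplit(uri)
    if not parts.scheme:
        return "relative", None
    # urlsplit only recognises an authority when '//' follows the scheme.
    rest = uri[len(parts.scheme) + 1:]
    if not rest.startswith("//"):
        return "no-authority", None
    host = parts.hostname  # None when the authority carries no host
    if not host:
        return "no-host", None
    return "ok", host


def uri_permitted(uri, constraint):
    """Apply one permittedSubtrees/excludedSubtrees URI entry as RFC 3280
    does: only the host part is compared. A constraint beginning with '.'
    matches any subdomain of it; otherwise the host must match exactly.
    Returns None when the URI has no host, i.e. the constraint simply
    cannot be applied, which is the problem the message raises."""
    status, host = san_uri_host(uri)
    if status != "ok":
        return None
    host, constraint = host.lower(), constraint.lower()
    if constraint.startswith("."):
        return host.endswith(constraint)
    return host == constraint


if __name__ == "__main__":
    # Constructed sample names, not taken from any real certificate.
    samples = ["https://www.example.com/", "xmpp:juliet@example.com",
               "xmpp://example.com/juliet", "file:///etc/hosts", "/cgi-bin/foo"]
    for s in samples:
        print(s, san_uri_host(s), uri_permitted(s, ".example.com"))
```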