[pkix] AD Review of draft-ietf-pkix-rfc5280-clarifications-03.txt
Sean Turner <turners@ieca.com> Mon, 22 August 2011 12:51 UTC
Return-Path: <turners@ieca.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6BA021F8B30 for <pkix@ietfa.amsl.com>; Mon, 22 Aug 2011 05:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.958
X-Spam-Level:
X-Spam-Status: No, score=-100.958 tagged_above=-999 required=5 tests=[AWL=-0.960, BAYES_50=0.001, UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EiUlCUWvoAa3 for <pkix@ietfa.amsl.com>; Mon, 22 Aug 2011 05:51:44 -0700 (PDT)
Received: from nm14-vm0.bullet.mail.sp2.yahoo.com (nm14-vm0.bullet.mail.sp2.yahoo.com [98.139.91.246]) by ietfa.amsl.com (Postfix) with SMTP id 965AE21F8B29 for <pkix@ietf.org>; Mon, 22 Aug 2011 05:51:43 -0700 (PDT)
Received: from [98.139.91.67] by nm14.bullet.mail.sp2.yahoo.com with NNFMP; 22 Aug 2011 12:52:48 -0000
Received: from [98.139.91.50] by tm7.bullet.mail.sp2.yahoo.com with NNFMP; 22 Aug 2011 12:52:48 -0000
Received: from [127.0.0.1] by omp1050.mail.sp2.yahoo.com with NNFMP; 22 Aug 2011 12:52:48 -0000
X-Yahoo-Newman-Id: 730185.63846.bm@omp1050.mail.sp2.yahoo.com
Received: (qmail 37811 invoked from network); 22 Aug 2011 12:52:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1314017568; bh=vyUn7TYgaUGQwXwm7+j0iCmAlVH9mR1l3yJXm+ywkJA=; h=X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=TARvgMSD42pJ9SuaHRzxwJC8tY/LXjFGJoj2wTXqrkBnoyVYTbbs7G56Rrh1G158U0P8UFGHEsYfq3ggnVuMFozofdbKwblPT/BB4CEfxBq+yv3/OPlxb/Zy74z2fz7S63Qd+akc0o54t8iC2THmIhR9rfFG4Y7QL2a5zP+Qbtk=
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 9D4h6_4VM1l9HXhwcdVCuhA4YYjyArVui5WgGakO9OcDj5Y DAyPIoUfg9ZXLDE9VhlZA7juNm68shNDeALEGPn8el104upXNynMSjoFJNHD z9chPjLsZsyHVxAgxkwc8ua9BqLMbL8MF4tid9hd2YCrUDOjfGPOa6x36qfd uvdYCbC7NQh7NsQGLtp2tu6Jzs.xtT0Sg26rNvKslmMPX_pBDorODQxXjWFL jFNf80tigEGrSNXER7KWAhn_JzfMiw6J_qtdqZJWXliNcktEAu_DKKZUFrNP 9HnzdP1Y2wghXrBay0K4WqHhnQzgVOgOf2Hi5gZR0fIpfWp9gF7vmoxp5g6V MVOn20ll.AWCsgsmT0ld_Pf7jlgCOSZ8KKJYk1tb5ZxKFNNZeBqKLArZq2JD WcO8Ko.qwR3c8LLCPPzNwU_MC7O9r4mGJypft.3Uj
X-Yahoo-SMTP: ZrP3VLSswBDL75pF8ymZHDSu9B.vcMfDPgLJ
Received: from thunderfish.westell.com (turners@96.231.118.172 with plain) by smtp114.biz.mail.sp1.yahoo.com with SMTP; 22 Aug 2011 05:52:48 -0700 PDT
Message-ID: <4E52511F.6060408@ieca.com>
Date: Mon, 22 Aug 2011 08:52:47 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: pkix@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [pkix] AD Review of draft-ietf-pkix-rfc5280-clarifications-03.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2011 12:51:50 -0000
I think the -03 version is just about ready to go. That is I have no comments on the existing text though I expect getting it through the IESG will be interesting (Apps ADs love to discuss about anything to do with characters strings/sets). But, I think this draft needs to also address the issue of self-signed EE certificates. I know at least the DANE WG had a lengthy discussion about self-signed EE certificates, I see that Max's EST draft also includes them, and they're used in the wild. I want to see text included that addresses them. spt
- [pkix] AD Review of draft-ietf-pkix-rfc5280-clari… Sean Turner
- Re: [pkix] AD Review of draft-ietf-pkix-rfc5280-c… Paul Hoffman
- Re: [pkix] AD Review of draft-ietf-pkix-rfc5280-c… David A. Cooper
- Re: [pkix] AD Review of draft-ietf-pkix-rfc5280-c… Paul Hoffman
- Re: [pkix] AD Review of draft-ietf-pkix-rfc5280-c… David A. Cooper
- Re: [pkix] AD Review of draft-ietf-pkix-rfc5280-c… Scott Schmit
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Kemp, David P.
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… David A. Cooper
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Kemp, David P.
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Santosh Chokhani
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Russ Housley
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Santosh Chokhani
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Martin Rex
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… David A. Cooper
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Tom Gindin
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Stephen Kent
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Manger, James H
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Stephen Kent
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Carl Wallace
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Santosh Chokhani
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Carl Wallace
- [pkix] End-entity self-signed certs (was: Re: AD … Paul Hoffman
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… David A. Cooper
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… David A. Cooper
- Re: [pkix] End-entity self-signed certs Kemp, David P.
- [pkix] Cross-cert as anchor (was Re: AD Review of… Tom Gindin
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Manger, James H
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Stephen Kent
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… David A. Cooper
- Re: [pkix] Cross-cert as anchor (was Re: AD Revie… David A. Cooper
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Stephen Kent
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Manger, James H
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Stephen Kent
- Re: [pkix] AD Review ofdraft-ietf-pkix-rfc5280-cl… Kemp, David P.
- Re: [pkix] Cross-cert as anchor (was Re: AD Revie… Tom Gindin
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Sean Turner
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Sean Turner
- Re: [pkix] End-entity self-signed certs Yoav Nir
- Re: [pkix] End-entity self-signed certs Paul Hoffman
- Re: [pkix] End-entity self-signed certs Scott Schmit
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Kemp, David P.
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Peter Gutmann
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Yoav Nir
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Peter Gutmann
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Thierry Moreau
- [pkix] Google TLS Origin-Bound Certificates. was:… Anders Rundgren
- Re: [pkix] End-entity self-signed certs Tom Gindin
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs denis.pinkas
- Re: [pkix] End-entity self-signed certs Martin Rex
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Thierry Moreau
- Re: [pkix] End-entity self-signed certs Kemp, David P.
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Thierry Moreau
- Re: [pkix] End-entity self-signed certs Tom Gindin
- Re: [pkix] End-entity self-signed certs denis.pinkas
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Tom Gindin
- Re: [pkix] End-entity self-signed certs Kemp, David P.
- Re: [pkix] End-entity self-signed certs Santosh Chokhani
- Re: [pkix] End-entity self-signed certs Miller, Timothy J.
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Santosh Chokhani
- Re: [pkix] End-entity self-signed certs Tom Gindin
- Re: [pkix] End-entity self-signed certs Trevor Freeman
- Re: [pkix] End-entity self-signed certs Peter Gutmann