Re: [TLS] Consensus call for certificate URL extension

I agree with Yoav and vote for B.


On 9/23/08 02:49 AM, "Yoav Nir" <ynir at checkpoint.com> wrote:

(B)

I can live with A, but I don't like having deprecated extensions if we
can avoid them.

On Sep 23, 2008, at 7:52 AM, Joseph Salowey (jsalowey) wrote:

> We need to close this open issue.  I think there are two basic options
> that address the security issues that have been raised:
>
> A) Deprecate the current extension and create a similar new extension
> with the hash mandatory.
>
> B) Make the hash mandatory in the current extension.  This should not
> cause deployment problems because there are no known deployments that
> make the hash optional.
>
> In either case, we can include hash agility as described in
> http://trac.tools.ietf.org/wg/tls/trac/ticket/46. If there is support in
> the working group for the use case where the certificate is updated
> offline then we can possibly work on a new extension in a new document
> that incorporates ideas expressed on the list.
>
> Please express your preference on the list for one of these options by
> 10/6/2008.
>
> Thanks,
>
> Joe
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls


--
Regards,
Uri

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.