Re: [TLS] Consensus call for certificate URL extension

To: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Subject: Re: [TLS] Consensus call for certificate URL extension
From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
Date: Tue, 23 Sep 2008 20:38:51 +0300
Cc: tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:content-type:content-transfer-encoding:sender; bh=f02HkMt9U0HmvbOt+v6986K7RxbkwuyOQ0dz2W5UOVM=; b=qK9UkrjTHwmY+pPiFqVUiLOLcG6fFop6ge1rFsC0MPgeXi8smEh8bPhm3e52tycJz+ 6BUukBowok8N0P8JBtGEKLvn1sSGjd9R2gyWHkN+AAcl+rDYfmheg0vxfcabXODrNCnE lSzHYRz9rIUtFVU6u7ihrtEC22OXMKkM1+yiQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding:sender; b=KsONs2IlPMXTewjunlp5zZo2JqkaXhhhHl2Jf64UZlgWOBlRNf5h1VSUTHsf4Y6DRY RZUTr5WXXmuiL3QkKEZUdLvifQByhN/ZItkQG58+09ZOuLuZif1aSfLtQd2z5XqFVXcG ZQPciY+gTm9RvRUzq1ROeJUnjhPrNXAjv86E4=
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE5069401B0 at xmb-sjc-225.amer.cisco.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <AC1CFD94F59A264488DC2BEC3E890DE5069401B0 at xmb-sjc-225.amer.cisco.com>
Sender: tls-bounces at ietf.org
User-agent: Thunderbird 2.0.0.16 (X11/20080724)

Joseph Salowey (jsalowey) wrote:
> We need to close this open issue.  I think there are two basic options
> that address the security issues that have been raised:
> 
> A) Deprecate the current extension and create a similar new extension
> with the hash mandatory.
> 
> B) Make the hash mandatory in the current extension.  This should not
> cause deployment problems because there are no known deployments that
> make the hash optional.

My preference is (B).

_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Consensus call for certificate URL extension
  - From: Mike

References:
- [TLS] Consensus call for certificate URL extension
  - From: Joseph Salowey (jsalowey)

Prev by Date: Re: [TLS] Consensus call for certificate URL extension
Next by Date: Re: [TLS] Consensus call for certificate URL extension
Previous by thread: Re: [TLS] Consensus call for certificate URL extension
Next by thread: Re: [TLS] Consensus call for certificate URL extension
Index(es):
- Date
- Thread

Re: [TLS] Consensus call for certificate URL extension

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.