Re: [TLS] Verifying X.509 Certificate Chains out of order

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] Verifying X.509 Certificate Chains out of order
From: "Steven M. Bellovin" <smb at cs.columbia.edu>
Date: Mon, 6 Oct 2008 11:33:54 -0400
Cc: Simon Josefsson <simon at josefsson.org>, tls at ietf.org
Delivered-to: ietfarch-tls-web-archive at core3.amsl.com
Delivered-to: tls at core3.amsl.com
In-reply-to: <20081006144152.5B9596B57F6 at kilo.rtfm.com>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Organization: Columbia University
References: <1223034323.30303.29.camel at localhost> <877i8pk772.fsf at mocca.josefsson.org> <1223281251.12502.74.camel at localhost> <87abdit8c2.fsf_-_ at mocca.josefsson.org> <20081006144152.5B9596B57F6 at kilo.rtfm.com>
Sender: tls-bounces at ietf.org

On Mon, 06 Oct 2008 07:41:52 -0700
Eric Rescorla <ekr at networkresonance.com> wrote:

> I think there are two separate issues here:
> 
> (1) Whether implementations should be required to send certificates
>     in a specific order.
> (2) Whether implementations should generate an error if they are
>     received in another order.
> 
"Be conservative in what you send; be liberal in what you accept."


		--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Ben Laurie
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Martin Rex

References:
- [TLS] Verifying X.509 Certificate Chains out of order
  - From: Simon Josefsson
- Re: [TLS] Verifying X.509 Certificate Chains out of order
  - From: Eric Rescorla

Prev by Date: [TLS] Client PKI Workshop
Next by Date: [TLS] I-D ACTION:draft-ietf-tls-rfc4366-bis-03.txt
Previous by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Next by thread: Re: [TLS] Verifying X.509 Certificate Chains out of order
Index(es):
- Date
- Thread

Re: [TLS] Verifying X.509 Certificate Chains out of order

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.