Re: [TLS] Verifying X.509 Certificate Chains out of order
Ben and all,
I fully agree with you, Ben. I for one am often willing to send
what I feel is appropriate whether or not others believe so
or not, as long as it is in context and in keeping with the
theme or topic at hand.
Ben Laurie wrote:
> On Mon, Oct 6, 2008 at 4:33 PM, Steven M. Bellovin <smb at cs.columbia.edu> wrote:
> > On Mon, 06 Oct 2008 07:41:52 -0700
> > Eric Rescorla <ekr at networkresonance.com> wrote:
> >
> >> I think there are two separate issues here:
> >>
> >> (1) Whether implementations should be required to send certificates
> >> in a specific order.
> >> (2) Whether implementations should generate an error if they are
> >> received in another order.
> >>
> > "Be conservative in what you send; be liberal in what you accept."
>
> I thought we'd given up on that as a useful generalisation since it
> introduces security problems in some circumstances, for example HTTP
> header stuffing. Which is not to say I am opposed to this particular
> change, but that adage is an entirely insufficient justification.
> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls
Regards,
Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1 at ix.netcom.com
My Phone: 214-244-4827