Jeff and I would like to apologize for the delay in publishing an updated version of draft-saintandre-tls-server-id-check, which we have just posted:

http://www.ietf.org/id/draft-saintandre-tls-server-id-check-04.txt

However, we have been hard at work and we think that version -04 is much improved because it clears up a number of matters that were ambiguous in previous versions. In particular:

1. We have replaced the vague notion of a "reference identity" with the more precise concept of an ordered list of reference identifiers, which can be directly matched against the presented identifiers from the server certificate (where "identifiers" are things like dNSName, SRVName, and uniformResourceIdentifier).

2. We have explained more clearly the assumptions behind this work, including the concept of an application server.

3. We have tightened up the matching process and comparison rules with regard to both DNS domain names and service types.

4. We have more clearly explained certificate subjectNames, DNs, RDNs, CNs, etc.

Although open issues remain (e.g., we need to more clearly describe the threat model), the -04 version is a major revision of the spec and we expect the diffs going forward to be much smaller. We will now actively seek out feedback from certification authorities, application developers, and service operators, then work quickly to close any remaining open issues. Our goal is to deliver this specification to the IESG by the end of June at the latest so that we don't hold up advancement of specs that depend on this one (draft-daboo-srv-email, draft-ietf-xmpp-rfc3920bis, etc.).

Peter

--
Peter Saint-Andre
https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
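The message above describes the core idea of the -04 draft: a client holds an ordered list of reference identifiers (DNS-ID, SRV-ID, URI-ID) and matches them against the identifiers presented in the server certificate. The following is an added example, not code from the draft or from its authors, showing what such a matcher looks like in practice. The `Identifier` type, the function names, the sample certificate identifiers and the client's reference list are all constructed for illustration, and the comparison rules are deliberately simplified (case-insensitive domain comparison, a wildcard only as the entire left-most label matching exactly one label, no wildcard in SRV-IDs, URI-IDs compared on scheme and host only); they are an assumption for this example, not the draft's normative text.

```python
"""Illustrative matcher: ordered reference identifiers vs. presented identifiers.

Simplified rules chosen for this example; consult the draft for normative text.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Sequence, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Identifier:
    kind: str    # "DNS-ID" (dNSName), "SRV-ID" (SRVName) or "URI-ID" (uniformResourceIdentifier)
    value: str


def _norm_domain(name: str) -> str:
    # Domain names compare case-insensitively; a trailing dot is insignificant.
    return name.rstrip(".").lower()


def _dns_match(reference: str, presented: str) -> bool:
    ref, pres = _norm_domain(reference), _norm_domain(presented)
    if ref == pres:
        return True
    ref_labels, pres_labels = ref.split("."), pres.split(".")
    # Assumed simplified wildcard rule: "*" must be the whole left-most label,
    # the certificate name must have at least three labels, and the wildcard
    # matches exactly one label of the reference name (no "a.b" for "*").
    if pres_labels[0] == "*" and len(pres_labels) >= 3 and len(ref_labels) == len(pres_labels):
        return ref_labels[1:] == pres_labels[1:]
    return False


def _split_srv(value: str) -> Optional[Tuple[str, str]]:
    # SRV-ID form assumed here: "_service.domain" (e.g. "_xmpp-client.example.com").
    if not value.startswith("_") or "." not in value:
        return None
    service, domain = value[1:].split(".", 1)
    return service.lower(), _norm_domain(domain)


def _srv_match(reference: str, presented: str) -> bool:
    ref, pres = _split_srv(reference), _split_srv(presented)
    if ref is None or pres is None:
        return False
    # Service type and domain must both match; no wildcard handling for SRV-IDs (assumption).
    return ref == pres


def _uri_parts(uri: str) -> Tuple[str, str]:
    # Scheme-specific parsing is out of scope: use the authority host when present,
    # otherwise treat the path as the host (covers forms like "sip:example.net").
    parts = urlsplit(uri)
    host = parts.hostname if parts.netloc else parts.path
    return parts.scheme.lower(), _norm_domain(host or "")


def _uri_match(reference: str, presented: str) -> bool:
    return _uri_parts(reference) == _uri_parts(presented)


_MATCHERS: Dict[str, Callable[[str, str], bool]] = {
    "DNS-ID": _dns_match,
    "SRV-ID": _srv_match,
    "URI-ID": _uri_match,
}


def match_identifiers(reference_ids: Sequence[Identifier],
                      presented_ids: Sequence[Identifier]) -> Optional[Tuple[Identifier, Identifier]]:
    """Walk the client's reference list in order of preference; the first presented
    identifier of the same kind that matches wins. Returns (reference, presented)
    or None when nothing matches, in which case the client should not trust the
    certificate for this service."""
    for ref in reference_ids:
        matcher = _MATCHERS.get(ref.kind)
        if matcher is None:
            continue
        for pres in presented_ids:
            if pres.kind == ref.kind and matcher(ref.value, pres.value):
                return ref, pres
    return None


# Constructed sample data: identifiers as if read from a server certificate's subjectAltName.
PRESENTED = (
    Identifier("DNS-ID", "*.example.com"),
    Identifier("SRV-ID", "_xmpp-server.example.com"),
    Identifier("URI-ID", "sip:example.net"),
)
# Constructed sample data: a client's ordered preferences when connecting as an
# XMPP client to chat.example.com (most specific identifier first).
REFERENCE = (
    Identifier("SRV-ID", "_xmpp-client.example.com"),
    Identifier("DNS-ID", "chat.example.com"),
)

if __name__ == "__main__":
    print(match_identifiers(REFERENCE, PRESENTED))
```

Running the sample shows the SRV-ID reference failing (the certificate carries `_xmpp-server`, not `_xmpp-client`) and the DNS-ID reference `chat.example.com` then matching the wildcard `*.example.com`; a reference list for a different domain yields `None`, and the client should treat that as an identity check failure rather than fall back to weaker comparisons.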
