On 07/30/2010 05:44 AM, Shumon Huque wrote:
But the direct/indirect classification of identity types needs to be corrected (or just eliminated).
+1
I said some more here: http://www.ietf.org/mail-archive/web/certid/current/msg00220.html
You seem to say there that the text basically nails down to two different id types, the DNS-based one (which is used in a very prominent URI-using application, i.e. https), and URI-id types. It is a little bit difficult to have several certificates with different URI ids sharing the same ipaddress+port. TLS servername indication has no provision for this. If one cannot have ids with different paths, what's the beef having a path in an identifier?

What also seems missing is a paragraph on what happens before the server presents its certificate, i.e. what means the client has to direct the server, ip-address:port to connect and fqdn in the servername indication at least.

Ah, I forgot DTLS?

/P
