On 12/8/10 1:48 PM, =JeffH wrote:
>> In general, I think this document is describing the tools available to
>> protocol designers, not telling protocol designers which tools to use.
>
> Well, the original intent of this spec was to (simply, heh) specify how
> to match one's reference ID to the presented ID (tho we hadn't yet
> invented those terms) returned in the end-entity cert during TLS
> handshake, so protocol designers/specifiers didn't have to re-invent it
> (and do so differently) for each spec going forward.
>
> So I'd characterize it as listing (and defining degrees-of-freedom of)
> the tools available (eg DNS-ID, SRV-ID, URI-ID, etc.), and then defining
> how to perform matching given the tool.

Yes, that is more accurate. As we discussed via IM, originally we thought it would be simple to lay down the law for all application protocols, but our prescriptions have become a bit more relaxed as we've realized how tangled the landscape is...

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
