On Fri, Apr 19, 2013 at 10:12:25PM -0700, SM wrote:
> >Any grounds or explanation for this opinion? How is text that
> >highlights a deductive-logic consequence of the specification a
> >change?
>
> RFC 6698 is a document which reflects the consensus of the IETF at
> the time it was published. The substantive change I mentioned is a
> change to that consensus.
Lack of RFC WG consensus does not trump simple deductive logic,
which remains irrefutably true even if the group did not explicitly
endorse it.
You repeat the same assertion, but still with no justification:
what is the change you speak of?
Server: Via DNS: My TA digest is 12345
Server: Via TLS handshake: my certificate chain is A, B, C
Client: Sees that none of A, B, or C have 12345 as their digest.
        Does not have any certificates in hand with digest 12345
        (no presumption of this with certificate usage 2).
        Verification fails.
Therefore:
Observation: If the server does not want the client to fail, include
the TA cert in the chain A, B, C, D (assuming, for example, that
D is the missing TA certificate that signed C).
Recommendation: publish this purely deductive observation so that
server operators don't fail to note the (logical rather than imposed
by additional text in the RFC) requirement.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
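The exchange described in the message above, worked through in code. This is an added example, not part of the original post or of any DANE implementation: it parses a TLSA record in presentation format ("2 0 1 <hex>": usage 2, selector 0 for the full certificate, matching type 1 for SHA-256), computes the digest of each certificate the server presents, and reports whether a usage-2 trust anchor was found. The "certificates" END_ENTITY, INTERMEDIATE_B, INTERMEDIATE_C and TRUST_ANCHOR_D are constructed opaque byte strings standing in for DER-encoded X.509 certificates, so only selector 0 is supported (selector 1, the SubjectPublicKeyInfo, would need a DER parser). Finding the matching certificate is only the first step of a real usage-2 check; a complete validator would then verify the chain up to that certificate as the trust anchor.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# A is the end-entity cert, B and C are intermediates, D is the trust anchor
# that signed C and that the server's TLSA record points at.
END_ENTITY = b"CONSTRUCTED-CERT-A:www.example.com"
INTERMEDIATE_B = b"CONSTRUCTED-CERT-B:Example Intermediate"
INTERMEDIATE_C = b"CONSTRUCTED-CERT-C:Example Sub-CA"
TRUST_ANCHOR_D = b"CONSTRUCTED-CERT-D:Example Root (TA)"


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # 0..3; this example only exercises usage 2 (DANE-TA)
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes

    @classmethod
    def parse(cls, presentation: str) -> "TLSARecord":
        """Parse TLSA RDATA in presentation format, e.g. '2 0 1 <hex>'.
        The hex may be split across whitespace, as zone files allow."""
        usage, selector, mtype, *hex_parts = presentation.split()
        return cls(int(usage), int(selector), int(mtype),
                   bytes.fromhex("".join(hex_parts)))


def selected_data(cert_der: bytes, selector: int) -> bytes:
    """Return the part of the certificate the TLSA selector refers to."""
    if selector == 0:
        return cert_der
    # Selector 1 needs the DER-encoded SubjectPublicKeyInfo, which the
    # constructed byte strings above do not contain.
    raise NotImplementedError("selector 1 (SPKI) requires a real DER parser")


def matches(record: TLSARecord, cert_der: bytes) -> bool:
    """True if the certificate matches the record's selector and matching type."""
    data = selected_data(cert_der, record.selector)
    if record.matching_type == 0:
        return data == record.data
    if record.matching_type == 1:
        return hashlib.sha256(data).digest() == record.data
    if record.matching_type == 2:
        return hashlib.sha512(data).digest() == record.data
    return False  # unknown matching type: the record is unusable


def usage2_trust_anchor(record: TLSARecord, chain: list) -> Optional[bytes]:
    """Return the certificate in the presented chain that the usage-2 record
    designates as trust anchor, or None when the chain contains no match.
    With usage 2 the client is not presumed to hold the TA itself, so a chain
    that omits it (A, B, C without D) fails here."""
    if record.usage != 2:
        raise ValueError("this check is specific to certificate usage 2")
    for cert in chain:
        if matches(record, cert):
            return cert
    return None


def make_usage2_record(ta_cert: bytes) -> str:
    """Presentation form of a '2 0 1' TLSA record for the given trust anchor."""
    return "2 0 1 " + hashlib.sha256(ta_cert).hexdigest()


if __name__ == "__main__":
    rr = TLSARecord.parse(make_usage2_record(TRUST_ANCHOR_D))
    without_ta = [END_ENTITY, INTERMEDIATE_B, INTERMEDIATE_C]
    with_ta = without_ta + [TRUST_ANCHOR_D]
    for label, chain in (("A, B, C", without_ta), ("A, B, C, D", with_ta)):
        found = usage2_trust_anchor(rr, chain)
        print(f"chain {label}: {'verification fails' if found is None else 'TA matched'}")
```

Running the block prints a failure for the chain A, B, C and a match once D is appended, which is exactly the operational point of the message: with usage 2 the server must send the TA certificate itself, since the client has no other source for it.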