date:20121015

Re: [websec] #53: Clarify status of pin validation when used with private trust anchors

2012-10-15 Thread websec issue tracker

#53: Clarify status of pin validation when used with private trust anchors

Changes (by palmer@…):

 * status:  new => assigned


-- 
-+---
 Reporter:  palmer@… |   Owner:  palmer@…
 Type:  defect   |  Status:  assigned
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

[websec] #53: Clarify status of pin validation when used with private trust anchors

2012-10-15 Thread websec issue tracker

#53: Clarify status of pin validation when used with private trust anchors

 Clarify in the I-D whether and how, when a the server's certificate chain
 chains up to a private trust anchor (as opposed to a publicly-trusted one
 such as in Mozilla's or Microsoft's root CA programs), the UA should
 perform pin validation. Options:

 * If anchor is private, do not perform pin validation

 * Always perform pin validation, presumably always failing when trust
 anchor is private

 * If anchor is private, validate against a database of private pins;
 ** If there is no DB of private pins, do not perform pin validation
 ** If there is no DB of private pins, perform pin validation anyway
 (presumably always failing)

 * Other options?

 Currently, Google Chrome opts to not perform pin validation when the trust
 anchor is private.

-- 
-+--
 Reporter:  palmer@… |  Owner:  palmer@…
 Type:  defect   | Status:  new
 Priority:  major|  Milestone:
Component:  key-pinning  |Version:
 Severity:  -|   Keywords:
-+--

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #51: Clarification of section 2.4 (ignore pins where SPKI is insufficient) (was: Clarification of section 2.4)

2012-10-15 Thread websec issue tracker

#51: Clarification of section 2.4 (ignore pins where SPKI is insufficient)

Changes (by palmer@…):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 I have fixed this in the draft that will go out later today.

-- 
-+---
 Reporter:  Tom Ritter   |   Owner:  palmer@…
 Type:  defect   |  Status:  closed
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:  fixed
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #51: Clarification of section 2.4

2012-10-15 Thread websec issue tracker

#51: Clarification of section 2.4

Changes (by palmer@…):

 * owner:  draft-ietf-websec-key-pinning@… => palmer@…
 * status:  new => assigned


-- 
-+---
 Reporter:  Tom Ritter   |   Owner:  palmer@…
 Type:  defect   |  Status:  assigned
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #50: Handling of pinning DSA public keys (was: Handing of pinning DSA public keys)

2012-10-15 Thread websec issue tracker

#50: Handling of pinning DSA public keys


-- 
-+---
 Reporter:  Tom Ritter   |   Owner:  palmer@…
 Type:  defect   |  Status:  closed
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:  fixed
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #50: Handing of pinning DSA public keys

2012-10-15 Thread websec issue tracker

#50: Handing of pinning DSA public keys

Changes (by palmer@…):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Added this note to the draft. I'll send out a new version of the draft
 later on today.

-- 
-+---
 Reporter:  Tom Ritter   |   Owner:  palmer@…
 Type:  defect   |  Status:  closed
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:  fixed
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #50: Handing of pinning DSA public keys

2012-10-15 Thread websec issue tracker

#50: Handing of pinning DSA public keys

Changes (by palmer@…):

 * owner:  draft-ietf-websec-key-pinning@… => palmer@…
 * status:  new => assigned


-- 
-+---
 Reporter:  Tom Ritter   |   Owner:  palmer@…
 Type:  defect   |  Status:  assigned
 Priority:  major|   Milestone:
Component:  key-pinning  | Version:
 Severity:  -|  Resolution:
 Keywords:   |
-+---

Ticket URL: 
websec 

___
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec

Re: [websec] #53: Clarify status of pin validation when used with private trust anchors

[websec] #53: Clarify status of pin validation when used with private trust anchors

Re: [websec] #51: Clarification of section 2.4 (ignore pins where SPKI is insufficient) (was: Clarification of section 2.4)

Re: [websec] #51: Clarification of section 2.4

Re: [websec] #50: Handling of pinning DSA public keys (was: Handing of pinning DSA public keys)

Re: [websec] #50: Handing of pinning DSA public keys

Re: [websec] #50: Handing of pinning DSA public keys

7 matches

Site Navigation

Mail list logo

Footer information