___
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
--
Shumon Huque
University of Pennsylvania.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
quot; component of the corresponding DNS SRV record."
Actually, what would be really useful is if the document provided an
actual example of an SRV record and and SRVName, right after the
definitions in Section 2. Lack of clear examples is a very common
problem with many IETF specifications.
--
Shumon Huque
University of Pennsylvania.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
On Mon, Sep 13, 2010 at 10:18:00AM -0600, Peter Saint-Andre wrote:
> On 9/9/10 1:36 PM, Stefan Santesson wrote:
> > On 10-09-09 8:38 PM, "Shumon Huque" wrote:
> >
> >> Earlier in RFC 4985, it says:
> >>
> >>The SRVName, if present, MUST con
On Mon, Sep 13, 2010 at 10:08:11AM -0600, Peter Saint-Andre wrote:
> On 9/9/10 12:22 PM, Shumon Huque wrote:
> > On Wed, Sep 08, 2010 at 11:08:29PM +0200, Stefan Santesson wrote:
> >> The only thing the client need to do is to verify that the domain name
> >> provided
to know that this host is the host it claims to be, then
> it's not.
>
> What needs to be checked is to me a typical case of local policy and one
> size does not fit all.
>
> /Stefan
>
--
Shumon Huque
University of Pennsylvania.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
ing definition of these components in an SRV RR
according to RFC 2782
I think this was actually clear enough. The subsequent statement that
Name is "The DNS domain name of the domain where the specified service
is located." (which could mean any of a number of things) confuse
On Wed, Sep 08, 2010 at 11:08:29PM +0200, Stefan Santesson wrote:
>
> On 10-09-08 9:53 PM, "Shumon Huque" wrote:
> > The output of the SRV record lookup contains a target hostname,
> > not a service name, so it's not applicable to the SRVName name
> > fo
ains
a DNS mapped identifier unless you've obtained it an authenticated
(or statically configured) manner.
--
Shumon Huque
University of Pennsylvania.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
ble to the SRVName name
form. The target could be used in another name form (dNSName)
as the reference identifier, but then the client needs to convince
itself that the lookup was done securely (DNSSEC or some other
means) otherwise there's a security problem.
--
Shumon Huque
University of Penn
just eliminated).
I said some more here:
http://www.ietf.org/mail-archive/web/certid/current/msg00220.html
--
Shumon Huque
University of Pennsylvania.
On Fri, Jul 23, 2010 at 09:25:43AM -0600, Peter Saint-Andre wrote:
> Sorry, I haven't yet had a chance to review the feedback that
On Mon, Jul 19, 2010 at 05:50:39PM -0700, Paul Hoffman wrote:
> At 7:16 PM -0400 7/19/10, Shumon Huque wrote:
> >
> >Right, I agree with that.
> >
> >I'm not clear on whether you're objecting to an ordering rule. Or
> >saying that the additional text in 4
On Sun, Jul 18, 2010 at 03:04:55PM -0700, Paul Hoffman wrote:
> At 1:59 PM -0400 7/18/10, Shumon Huque wrote:
> >Well, one reason would be to reduce the number of verification
> >steps imposed on a client by a certificate with a more preferred
> >or more specific identit
On Sun, Jul 18, 2010 at 08:17:22AM -0700, Paul Hoffman wrote:
> At 11:29 PM -0400 7/17/10, Shumon Huque wrote:
> >On Thu, Jul 15, 2010 at 04:29:07PM -0700, Paul Hoffman wrote:
> >> At 4:08 PM -0700 7/15/10, The IESG wrote:
> >> >The IESG has received a request f
presented identifier matches one of
its reference identifiers. The search fails if the client exhausts
its list of reference identifiers without finding a match.
--
Shumon Huque
University of Pennsylvania.
___
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
On Tue, Mar 02, 2010 at 06:13:28AM +0900, Masataka Ohta wrote:
> Phillip Hallam-Baker wrote:
>
> > Moving to DNSSEC, regardless of the technical model does not eliminate
> > the need for certificates or CAs. The purpose of EV certificates is to
> > re-establish the principle of accountability.
>
On Thu, Feb 25, 2010 at 11:55:03AM -0500, Paul Wouters wrote:
> On Thu, 25 Feb 2010, Phillip Hallam-Baker wrote:
> >If DNSSEC succeeds, the domain validated certificate business will
> >have to either transform or eventually die. I think that for most CAs,
> >the business opportunities from SSL+DNS
On Wed, Feb 17, 2010 at 06:48:37PM +, Tony Finch wrote:
> On Wed, 17 Feb 2010, Phillip Hallam-Baker wrote:
>
> > One mechanism that was unfortunately pushed asside as a result of the
> > fixation on end to end DNSSEC would be to for the resolver to use
> > DNSSEC (and other methods) to authent
On Mon, Sep 10, 2007 at 04:29:24PM -0700, Paul Leach wrote:
> I've read the I-D and EKR's responses, and while I don't agree with all of
> them I agree with enough of them that I think that the draft could use a
> further revision that takes them into consideration.
>
Would someone send a point
Michael Dillon said:
> "Personally, I would like to see some more criticism of the fact that
> this draft is about Phishing, a symptom of security problems, rather
> than about strengthening a weakness in Internet security. It is entirely
> possible to "solve" the phishing problem without strength
19 matches
Mail list logo