[TLS]Re: [EXTERNAL] Re: WG Adoption for TLS Trust Expressions

2024-05-22 Thread Carl Wallace
From: Joseph Salowey Date: Wednesday, May 22, 2024 at 5:04 PM To: "tls@ietf.org" Subject: [TLS]Re: [EXTERNAL] Re: WG Adoption for TLS Trust Expressions Thanks to the working group for all the discussion on this document. We will kick off an official adoption call soon. While this work

Re: [TLS] Fwd: New Version Notification for draft-davidben-tls-trust-expr-00.txt

2023-10-24 Thread Carl Wallace
A few comments and nits are below but I have one high level question. Why limit the manifest produced by root programs to trust anchors? Root programs could produce a structure that represents CA certificates and all possible partial paths that can be validated by a trust store as well. This wou

Re: [TLS] Regulations for EKU validation for CA certificates in the certificate chain

2023-01-31 Thread Carl Wallace
n Behalf Of Salz, Rich > Sent: Saturday, January 28, 2023 10:57 AM > To: Oleg Pekar ; Carl Wallace > > Cc: TLS@ietf.org > Subject: Re: [TLS] Regulations for EKU validation for CA certificates in the > certificate chain > > Great, I will prepare the initial draft then. Ar

Re: [TLS] Regulations for EKU validation for CA certificates in the certificate chain

2023-01-28 Thread Carl Wallace
From: Oleg Pekar Date: Saturday, January 28, 2023 at 10:03 AM To: Carl Wallace Cc: Ilari Liusvaara , Subject: Re: [TLS] Regulations for EKU validation for CA certificates in the certificate chain Great, I will prepare the initial draft then. Are there any informal documents where

Re: [TLS] Regulations for EKU validation for CA certificates in the certificate chain

2023-01-28 Thread Carl Wallace
On 1/28/23, 8:10 AM, "TLS on behalf of Ilari Liusvaara" mailto:tls-boun...@ietf.org> on behalf of ilariliusva...@welho.com > wrote: On Sat, Jan 28, 2023 at 11:57:46AM +0200, Oleg Pekar wrote: > Example: if the client sends a chain Root->CA1->CA2->End-Entity,

Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it)

2018-03-24 Thread Carl Wallace
From: TLS on behalf of Tony Arcieri Date: Saturday, March 24, 2018 at 11:31 AM Subject: Re: [TLS] Breaking into TLS for enterprise "visibility" (don't do it) > On Fri, Mar 23, 2018 at 11:26 PM, Alex C wrote: >> As I understand it (poorly!) the idea is exactly to have a single system on >>