
RFC 3280bis and URI schemes without hostname





Folks, I seem to have dropped the ball on rfc3280bis.

It's my understanding that the comments I raised have been addressed.

I do have one comment that I failed to raise earlier.  I'm going to
raise it now, but I'm going to send the document to IETF last call.
Any changes regarding this comment are going to be minor and we can
call them out on the ietf list.


RFC 3286 does not require that schemes have an authority component.
For example take a look at RFC 4622.  It does support authority
components, but if I were going to issue a certificate for an XMPP
identity I would actually expect that which server the end user
authenticates to would not be important for whether they were
reaching a given subject.  Other URIs simply don't use authority.
However the URI in subjectAltName requires the host portion to be
present, which requires an authority section.


I'd like the WG to consider what to do about this.  Options include:

* Decide that this name type is not appropriate for URI schemes that tend not to use authorities.  

* Relax the rules.  I strongly urge the WG not to take on the task of name constraints for URIs without authority in this document.

Thanks for your consideration,

--Sam
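
Added example, not part of the original message: a Python sketch of the problem raised above, checking whether a subjectAltName URI carries the host that the rule requires and that a URI name constraint would be matched against. The sample URIs are constructed, the function names are hypothetical, and the constraint matching follows RFC 5280 section 4.2.1.10 (the published form of rfc3280bis).

```python
from urllib.parse import urlsplit

# Constructed sample values for the URI form of subjectAltName.
SAMPLES = [
    "https://www.example.com/cps",
    "xmpp://guest@example.com/support@example.com",   # authority present
    "xmpp:romeo@example.net",                         # no authority
    "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",  # no authority
    "file:///etc/issue",                              # authority, empty host
]

def uri_host(uri):
    """Return (has_authority, host); host is None when there is none."""
    parts = urlsplit(uri)
    if not parts.scheme:
        raise ValueError("relative reference, not a URI: %r" % uri)
    # Generic syntax: an authority exists only if "//" follows "scheme:".
    has_authority = uri.partition(":")[2].startswith("//")
    host = parts.hostname if has_authority else None
    return has_authority, host or None

def meets_host_rule(uri):
    """The rule as the message describes it: a host must be present."""
    return uri_host(uri)[1] is not None

def permitted_by_constraint(uri, constraint):
    """Match a URI against one permitted-subtree URI constraint.

    Returns True or False when a host exists, None when the URI gives
    the constraint nothing to match (the case the message warns about).
    """
    host = uri_host(uri)[1]
    if host is None:
        return None
    constraint = constraint.lower()
    if constraint.startswith("."):
        # Leading period: any name with one or more extra labels.
        return host.endswith(constraint) and len(host) > len(constraint)
    return host == constraint  # no leading period: exactly this host

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, uri_host(uri), meets_host_rule(uri),
              permitted_by_constraint(uri, ".example.com"))
```

A relying party that gets None here has to decide separately whether to accept or reject the name, which is the policy question the two options above leave to the WG.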