Subject: Re: [xri] XRD trusted discovery workflow


Sorry for a late reply.

By "unique", I meant not-to-be-reused. This is more akin to the 
ownership of it.
AWWW has little to say about the ownership of the URI.

Yes, as to having multiple CIDs in a cert, that is a possibility, as long 
as all those CIDs belong to that entity.

=nat

John Bradley wrote:
> Nat,
>
> SubjectAltName can have multiple elements, so I suppose a single cert 
> could service multiple CIDs, as it can for email addresses.
>
> I am not certain what you mean by unique name.  From an AWWW 
> perspective every URI represents a unique resource, so that probably is 
> not what you are getting at.
>
> The qualities of the email or URI in the SubjectAltName would be 
> determined by the CA's policy.
>
> We may need some new use policy in the CERT to prevent confusion with 
> email or other certs issued for different reasons 
> under different vetting policies.
>
> =jbradley
> On 15-Dec-08, at 4:18 AM, Nat Sakimura wrote:
>
>> Ah!
>>
>> My comments inline.
>>
>> Peter Davis wrote:
>>> On Dec 11, 2008, at 6:13 PM, Sakimura Nat wrote:
>>>
>>>  
>>>> That is, if it were http://example.com/alice and http://example.com/bob
>>>> , then it should be example.com that signs this.
>>>>    
>>>
>>> I am not sure that I agree completely on this for all cases.  Take,
>>> for example:
>>>
>>>        https://example.com/foo/alice
>>>
>>> It is entirely plausible that the naming authority is /foo (not
>>> example.com).  Similarly, for:
>>>
>>>        https://foo.example.com/foo/alice
>>>
>>> the naming authority _could_ be any of:
>>>
>>>        foo.example.com/foo
>>>        foo.example.com
>>>        example.com
>>>
>>> all of which should be considered valid.
>> Indeed. The above sentence was the summarization of Brian's approach.
>> Like John has explained, my approach differs in that I believe each 
>> identity should have a cert.
>>
>> In that path, the current discussion is whether to revive 
>> SubjectUniqueId or use SubjectAltName.
>> As long as there is a way to know that SubjectAltName indeed is a 
>> unique name, I am fine with it.
>>
>>> =peterd
>>>
>>>  
>>
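As an added illustration (not code from this thread, the XRI TC, or any XRD implementation), the following Python sketch enumerates the candidate naming authorities Peter lists for a URI and then checks whether a signing certificate's SubjectAltName URI entries name one of them, so that a cert for an unrelated host or a sibling path is rejected; the function names, the `host[/path]` normalisation and the `include_self` switch (for Nat's one-cert-per-identity model) are my own assumptions, and the domain walk stops before the bare TLD without consulting a public-suffix list.

```python
from urllib.parse import urlsplit


def candidate_authorities(uri, include_self=False):
    """Possible naming authorities for `uri`, most specific first.

    https://foo.example.com/foo/alice ->
        ['foo.example.com/foo', 'foo.example.com', 'example.com']
    Path-based authorities are the proper path prefixes; host-based ones are
    the host and each parent domain, stopping before the bare TLD (assumption:
    no public-suffix list is consulted, so e.g. 'co.uk' would be accepted).
    With include_self=True the resource itself is also a candidate.
    """
    parts = urlsplit(uri)
    host = parts.hostname  # urlsplit already lower-cases the host
    if not host:
        raise ValueError("URI has no host: %r" % uri)
    segments = [s for s in parts.path.split("/") if s]
    out = []
    start = len(segments) if include_self else len(segments) - 1
    for i in range(start, 0, -1):
        out.append(host + "/" + "/".join(segments[:i]))
    labels = host.split(".")
    for i in range(len(labels) - 1):
        out.append(".".join(labels[i:]))
    return out


def authority_of_san_uri(san_uri):
    """Normalise a SubjectAltName URI entry to the same 'host[/path]' form."""
    parts = urlsplit(san_uri)
    if not parts.hostname:
        raise ValueError("SAN URI has no host: %r" % san_uri)
    path = "/".join(s for s in parts.path.split("/") if s)
    return parts.hostname + ("/" + path if path else "")


def acceptable_signer(resource_uri, signer_san_uris, include_self=False):
    """Return the first SAN authority that may sign for resource_uri, else None.

    signer_san_uris are the URI entries from the signing cert's SubjectAltName
    (constructed by the caller in this sketch; a real check would pull them
    from the parsed certificate).
    """
    candidates = candidate_authorities(resource_uri, include_self)
    for san in signer_san_uris:
        authority = authority_of_san_uri(san)
        if authority in candidates:
            return authority
    return None
```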