xri message

Subject: RE: [xri] Solution for host-meta

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'John Bradley'" <jbradley@mac.com>
Date: Tue, 25 Aug 2009 16:44:16 -0400

John Bradley wrote on 2009-08-25:
> The problem with a URN in the OASIS space would be that it needs to
> include the host name to match the  CN of the signing cert.

Don't forget subjectAltName, which should take precedence.

But anything defined has that requirement, and by extension will require the
extraction of that information from the "URI" for comparison purposes along
with some clear set of matching rules (i.e. what about wildcard certs, what
about tail matching for constraining authority in some cases, etc.).

-- Scott

References:
- Solution for host-meta
  - From: Eran Hammer-Lahav <eran@hueniverse.com>
- Re: [xri] Solution for host-meta
  - From: John Bradley <jbradley@mac.com>
- RE: [xri] Solution for host-meta
  - From: Eran Hammer-Lahav <eran@hueniverse.com>
- Re: [xri] Solution for host-meta
  - From: John Bradley <jbradley@mac.com>
- RE: [xri] Solution for host-meta
  - From: "Drummond Reed" <drummond.reed@cordance.net>
- Re: [xri] Solution for host-meta
  - From: John Bradley <jbradley@mac.com>