[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Solution for host-meta
The trust profile for SSL certs is going to have to deal with those issues. It seems simple on the surface but taking SSL certificates out of there natural environment can have challenges as we have seen in IMI. In any event we need a URI that can contain the host name for hostmeta, and not be confused with a regular resource URI. We are close to http range-14 territory. If we don't want to describe a host as a non-information resource, what is the URI. That is the crux of the problem. John B. On 25-Aug-09, at 4:44 PM, Scott Cantor wrote: > John Bradley wrote on 2009-08-25: >> The problem with a URN in the OASIS space would be that it needs to >> include the host name to match the CN of the signing cert. > > Don't forget subjectAltName, which should take precedence. > > But anything defined has that requirement, and by extension will > require the > extraction of that information from the "URI" for comparison > purposes along > with some clear set of matching rules (i.e. what about wildcard > certs, what > about tail matching for constraining authority in some cases, etc.). > > -- Scott > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]