OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xri] Solution for host-meta


The trust profile for SSL certs is going to have to deal with those  
issues.

It seems simple on the surface but taking SSL certificates out of  
there natural environment can have challenges as we have seen in IMI.

In any event we need a URI that can contain the host name for  
hostmeta,  and not be confused with a regular resource URI.

We are close to http range-14 territory.   If we don't want to  
describe a host as a non-information resource,  what is the URI.    
That is the crux of the problem.

John B.
On 25-Aug-09, at 4:44 PM, Scott Cantor wrote:

> John Bradley wrote on 2009-08-25:
>> The problem with a URN in the OASIS space would be that it needs to
>> include the host name to match the  CN of the signing cert.
>
> Don't forget subjectAltName, which should take precedence.
>
> But anything defined has that requirement, and by extension will  
> require the
> extraction of that information from the "URI" for comparison  
> purposes along
> with some clear set of matching rules (i.e. what about wildcard  
> certs, what
> about tail matching for constraining authority in some cases, etc.).
>
> -- Scott
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]