- From: Peter Williams <home_pw@msn.com>
- Date: Tue, 15 Feb 2011 08:37:20 -0800
- To: Stéphane Corlosquet <scorlosquet@gmail.com>
- CC: WebID XG <public-xg-webid@w3.org>
- Message-ID: <BLU0-SMTP15213430FAD230D7036548892D30@phx.gbl>

PKIX is about the PKI interpretation of X.509. It's not the only interpretation. It's not even the only PKI-centric profile of the standard.

Should WebID require PKI? Should WebID require PKIX? (2 different questions)

Can it use self-signed certs that are not PKIX conforming? Can PKIX-requiring sites using the WebID protocol refuse to even process certs that are non-conforming to PKIX (e.g. missing this or that mandatory extension)?

This is a minimum interworking type question. Today, browsers and servers work with both PKIX and non-PKIX (and non-PKI) certs.

On Feb 15, 2011, at 7:35 AM, Stéphane Corlosquet <scorlosquet@gmail.com> wrote:

> ---------- Forwarded message ----------
> From: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
> Date: Mon, Aug 16, 2010 at 7:16 AM
> Subject: Re: [foaf-protocols] Webid Spec: Reference to the X.509 RFC 5280?
> To: Akbar Hossain <akkiehossain@gmail.com>
> Cc: foaf-protocols@lists.foaf-project.org
>
> Hi,
>
> The PKIX spec (RFC 5280) is based on X.509, so it does repeat some of
> the content of the X.509 spec and puts it into context (for a PKI).
> However, the permitted values for the SAN are in the X.509 Specification.
> http://www.itu.int/rec/T-REC-X.509-200508-I/en
> (section 8.3.2.1)
>
> Regarding Webfinger/Fingerpoint, I'm not quite sure how widespread this
> is yet.
>
> Best wishes,
>
> Bruno.
>
> On 13/08/2010 22:53, Akbar Hossain wrote:
> > Sorry - I should have said why I was looking for it!
> >
> > I was reading through http://tools.ietf.org/html/rfc5280#section-4.2.1.6
> >
> > Which I thought was the definition of the permitted values within the
> > Subject Alternative Name (SAN)
> >
> > I guess this is a possible reference too.
> >
> > http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
> >
> > I was thinking that a section of the spec could be structured as a
> > table with the permitted entries in SAN
> > and the possible ways to dereference the agent details.
> >
> > We don't need to (or can't) specify all but it would be easy to
> > visualise how other dereferencing schemes to discover the identifying
> > agent's profile could be added to the spec at a later stage if for
> > example against email we listed webfinger and fingerpoint for example.
> >
> > Just a thought.
> >
> > On Fri, Aug 13, 2010 at 9:55 PM, Bruno Harbulot
> > <Bruno.Harbulot@manchester.ac.uk> wrote:
> >>
> >> On 13/08/2010 20:53, Akbar Hossain wrote:
> >>> Hi,
> >>>
> >>> Minor suggestion. Perhaps we should add a link (reference) to the X.509 RFC.
> >>>
> >>> I think it is here. http://tools.ietf.org/html/rfc5280
> >>
> >> I'm not sure if we need to. This isn't the X.509 RFC but the PKIX RFC,
> >> which is exactly what we avoid doing. (The X.509 specification isn't an
> >> IETF RFC.)
> >>
> >> Best wishes,
> >>
> >> Bruno.
> >> _______________________________________________
> >> foaf-protocols mailing list
> >> foaf-protocols@lists.foaf-project.org
> >> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

Received on Tuesday, 15 February 2011 16:38:15 UTC