I've read draft-rescorla-tls-subcerts-01 and have a few comments.
It's a well written document and the low-level mechanics look ok. However,
I think I have a couple of issues with the overall design.
First: it is not self-sufficient. The fact that clients must opt-in implies
that servers must
Hi,
I am in favor of adoption of the draft. This is an important issue we need
to address.
Yours,
Daniel
On Wed, Apr 12, 2017 at 3:31 PM, Sean Turner wrote:
> All,
>
> At our IETF 98 session, there was support in the room to adopt
> draft-rescorla-tls-subcerts [0]. We need to
Russ Housley writes:
>I want to see a solution to this problem, but I think we should look at RFC
>3820, X.509 Proxy Certificate Profile. I know that this was implemented, but
>I do not know if it is still in use.
It's fairly heavily used in grid computing. It would
Subodh:
>
> @Russ there's some discussion about comparison with proxy certs in the
> current draft.
>
Yes, I saw the list of bullets in Section 5. I think that a TLS-specific
delegation is a good idea, but I do not agree with all of the points into
bullets. That said, we should not be
S; IETF LURK
Subject: Re: [TLS] [Lurk] WG Call for adoption of draft-rescorla-tls-subcerts
On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner
<s...@sn3rd.com<mailto:s...@sn3rd.com>> wrote:
All,
At our IETF 98 session, there was support in the room to adopt
draft-rescorla-tls-subcerts
On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner > wrote:
All,
At our IETF 98 session, there was support in the room to adopt
draft-rescorla-tls-subcerts [0]. We need to confirm this support on the list
so please let the list know whether you support
On 4/12/17 11:31 AM, Sean Turner wrote:
> At our IETF 98 session, there was support in the room to adopt
> draft-rescorla-tls-subcerts [0]. We need to confirm this support on
> the list so please let the list know whether you support adoption of
> the draft and are willing to review/comment on
Unsurprisingly, I favor adopting this draft.
-Ekr
On Wed, Apr 12, 2017 at 12:31 PM, Sean Turner wrote:
> All,
>
> At our IETF 98 session, there was support in the room to adopt
> draft-rescorla-tls-subcerts [0]. We need to confirm this support on the
> list so please let the