On Fri, Oct 24, 2014 at 05:21:03PM +0200, Leif Johansson wrote:
>
> Folks,
>
> This email starts a 2 week WGLC for draft-ietf-uta-tls-bcp-06. Please
> provide your comments no later than Friday the 7th of November.

Should there be anything about ensuring that trust anchors are properly
validated? After all, path validation doesn't mean much if there are
trivial ways to bypass it.

There have been programs that do proper validation of names, but:

1) Accept inappropriate self-signed certificates.
2) Accept any certificate signed by a "CA" (don't validate TAs).
3) Both 1 and 2 at once.

The set of appropriate trust anchors is obviously application-specific
and could even include EE certificates (or RFC 7250 RPKs).

-Ilari
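The trust-anchor decision raised in the message above, as an added example that is not part of the original message or the draft: a path check that only succeeds when the chain reaches a certificate in the application's own anchor set, which may hold an EE certificate. The `Cert` class, key identifiers and names are constructed, signature verification is abstracted as a key-identifier match, and the presented chain is assumed to include the anchor.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real crypto)."""
    subject: str
    issuer: str
    key: str           # identifier of the subject's key
    signed_with: str   # identifier of the key that signed this cert
    is_ca: bool = False

    def fingerprint(self) -> str:
        return hashlib.sha256(repr(self).encode()).hexdigest()

def validate_path(chain, trust_anchors):
    """chain is ordered leaf first; trust_anchors is a set of fingerprints.
    Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    for i, cert in enumerate(chain):
        # Only a configured anchor ends the walk successfully.
        # It may be a CA or, for a pinned peer, the EE certificate itself.
        if cert.fingerprint() in trust_anchors:
            return True, f"anchored at {cert.subject}"
        if i + 1 == len(chain):
            break
        issuer = chain[i + 1]
        if not (issuer.is_ca and cert.issuer == issuer.subject
                and cert.signed_with == issuer.key):
            return False, f"{cert.subject}: not issued by {issuer.subject}"
    # A well-formed chain that never met an anchor is still untrusted.
    last = chain[-1]
    kind = "self-signed" if last.signed_with == last.key else "unanchored"
    return False, f"{kind} certificate {last.subject} is not a trust anchor"

# Constructed sample certificates.
ROOT = Cert("Example Root", "Example Root", "k-root", "k-root", is_ca=True)
LEAF = Cert("mail.example", "Example Root", "k-leaf", "k-root")
SELF = Cert("mail.example", "mail.example", "k-self", "k-self")
ROGUE = Cert("Rogue CA", "Rogue CA", "k-rogue", "k-rogue", is_ca=True)
ROGUE_LEAF = Cert("mail.example", "Rogue CA", "k-x", "k-rogue")
ANCHORS = {ROOT.fingerprint()}

if __name__ == "__main__":
    for chain in ([LEAF, ROOT], [SELF], [ROGUE_LEAF, ROGUE]):
        print([c.subject for c in chain], validate_path(chain, ANCHORS))
```

Cases 1 and 2 from the list both carry the correct name and an internally consistent chain, so they are rejected only by the final anchor-membership test.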
