On 10/24/14, 11:42 AM, Leif Johansson wrote:
> On 2014-10-24 19:29, Peter Saint-Andre wrote:
>> On Oct 24, 2014, at 10:51 AM, Ilari Liusvaara <[email protected]> wrote:
>>> On Fri, Oct 24, 2014 at 05:21:03PM +0200, Leif Johansson wrote:
>>>> Folks,
>>>>
>>>> This email starts a 2 week WGLC for draft-ietf-uta-tls-bcp-06. Please
>>>> provide your comments no later than Friday the 7th of November.
>>>
>>> Should there be anything about ensuring that trust anchors are
>>> properly validated? After all, path validation doesn't mean much
>>> if there are trivial ways to bypass it.
>>
>> Referencing RFC 5280 and RFC 6125 might be enough in this context.
>
> Maybe stick that in the security considerations section?

I suggest adding the following paragraph at the end of Section 7.1:
Host name validation typically applies only to the leaf "end entity"
certificate. Naturally, in order to ensure proper authentication in
the context of the PKI, application clients need to verify the entire
certification path in accordance with [RFC5280] (see also [RFC6125]).
Peter
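
The distinction drawn in the proposed paragraph, shown as an added example that is not part of the original message or of the draft: a small audit of Python `ssl` client contexts that reports whether the certification path and the host name are each checked. The function names are hypothetical, and the contexts are constructed in the code rather than taken from any real deployment.

```python
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """List the authentication checks a client-side SSLContext leaves off."""
    findings = []
    # Path validation (RFC 5280): the chain must verify up to a trust anchor.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certification path is not validated")
    # Host name validation (RFC 6125): applies to the leaf certificate only.
    if not ctx.check_hostname:
        findings.append("host name is not checked against the leaf certificate")
    return findings


def try_hostname_check_without_path_validation() -> str:
    """Ask for the host name check alone, with path validation switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # both checks on by default
    try:
        ctx.verify_mode = ssl.CERT_NONE  # host name check is still enabled here
    except ValueError as exc:
        # The ssl module refuses: a name match on an unverified leaf proves nothing.
        return "refused: " + str(exc)
    return "accepted"


def weakened_context() -> ssl.SSLContext:
    """Constructed bad case: both checks disabled, in the order ssl requires."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def path_only_context() -> ssl.SSLContext:
    """Constructed case: chain is validated, but any valid leaf name is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx


if __name__ == "__main__":
    print(audit_client_context(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)))
    print(try_hostname_check_without_path_validation())
    print(audit_client_context(path_only_context()))
    print(audit_client_context(weakened_context()))
```
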