- From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Tue, 01 Feb 2011 10:18:23 +0000
- To: public-xg-webid@w3.org
WebID-ISSUE-19: x509v3 Independence and TLS Extensions [WebID Spec] http://www.w3.org/2005/Incubator/webid/track/issues/19 Raised by: Nathan Rixham On product: WebID Spec WebID Protocol is currently tightly bound to the use of X.509v3 certificates, re-purposing the subjectAltName extension in order to carry an "Identification Agents" "WebID URI". However, RFC 4346 "Transport Layer Security (TLS) Extensions" [1] (obsoleting RFC 3546) defines several general extension methods including "Extended Client Hello" [2]. The Client Hello of TLS can be extended in order to pass the identifying agents "WebID URI" in a certificate independent manner, by creating a well defined extension. This approach is already used by such specifications as Secure Remote Password (SRP) [3,4,5] which defines the "SRP Extension" [6] in order to pass user names via Client Hello. The definition and use of a TLS extension would remove the need for "custom" X.509v3 certificates which require the presence of a "WebID URI" in the subjectAlternativeName certificate extension, allowing any X.509v3 certificate (should the use of certificates be deemed as needed), or the use of PGP Certificates as defined by TLSPGP[7], and additionally resolve ISSUE-1 "Multiple URI entries in the SAN extension". [1] http://tools.ietf.org/html/rfc4366 [2] http://tools.ietf.org/html/rfc4366#section-2.1 [3] http://en.wikipedia.org/wiki/Secure_remote_password_protocol [4] http://srp.stanford.edu/ [5] http://tools.ietf.org/html/rfc2945 [6] http://tools.ietf.org/html/rfc5054#section-2.8.1 [7] http://tools.ietf.org/html/rfc5081
Received on Tuesday, 1 February 2011 10:18:25 UTC