size of client cert, and unknown extensions, unrecognized URI schemes

Should the spec say that the client cert has no limit on size (except what
SSL imposes)?

 

Should it say that critical extensions must be processed in a conforming
manner (or is the VA not required to be conforming)? Typically, if the VA
does not recognize and handle critical extension X, it's required to view the
cert as invalid. But! That's an X.509 semantic that really doesn't apply
here (particularly when the cert is self-signed, and not truly "a cert" in
any case, being technically a "trust anchor").

 

Presumably, the VA need only process those URI schemes it recognizes in the
SAN URI field, just ignoring the rest as if not present.

 

I'm going to be putting some large data URIs in my SANs, to see what
happens. They will contain JavaScript and JSON. The JavaScript will
probably include an implementation of DES, suitably modified so it's not
standard DEA.

 

Received on Wednesday, 2 March 2011 22:37:29 UTC
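
The scheme-filtering behaviour the message presumes for the VA, sketched as an added example that is not part of the original message or of any specification. The function name, the `RECOGNIZED_SCHEMES` set and the sample SAN entries are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the schemes this hypothetical VA knows how to dereference.
RECOGNIZED_SCHEMES = frozenset({"http", "https"})


def select_candidate_uris(san_uris, recognized=RECOGNIZED_SCHEMES):
    """Split SAN URI entries into (candidates, ignored_schemes).

    Entries with an unrecognized scheme are treated as if absent: they are
    never decoded, dereferenced or evaluated, whatever their size or content.
    """
    candidates, ignored = [], []
    for raw in san_uris:
        # Only the text before the first ':' is inspected, so a very large
        # data: URI costs a five-character scan, not a parse of its payload.
        scheme, sep, _rest = raw.partition(":")
        scheme = scheme.lower()  # URI schemes are case-insensitive (RFC 3986)
        if not sep or scheme not in recognized:
            ignored.append(scheme if sep else "<no scheme>")
            continue
        try:
            parts = urlsplit(raw)
        except ValueError:  # e.g. a malformed bracketed IPv6 host
            ignored.append(scheme)
            continue
        if not parts.netloc:  # recognized scheme but nothing to dereference
            ignored.append(scheme)
            continue
        candidates.append(raw)
    return candidates, ignored


# Constructed sample SAN URI entries, including oversized data: URIs.
SAMPLE_SAN_URIS = [
    "https://example.org/people/alice#me",
    "HTTP://example.net/card#i",
    "data:application/json," + '{"k":"' + "A" * 200_000 + '"}',
    "data:text/javascript,/* constructed payload, never evaluated */",
    "urn:example:unknown",
    "https:missing-authority",
]

if __name__ == "__main__":
    kept, skipped = select_candidate_uris(SAMPLE_SAN_URIS)
    print("candidates:", kept)
    print("ignored schemes:", skipped)
```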