- From: Peter Williams <home_pw@msn.com>
- Date: Tue, 3 Jan 2012 12:12:45 -0800
- To: <mo.mcroberts@bbc.co.uk>, <kidehen@openlinksw.com>
- CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W29DBAB2BAFAA1A72641A6F92960@phx.gbl>
Concerning validation-centric thinking, and 3 generations of root CA that I've been involved in, see http://yorkporc.wordpress.com/2012/01/03/validation-fabric-and-uri-in-cn/

Note type 3. It has a URI in the CN. The world didn't collapse. In fact, there are 3 roots that have that display name, one of which got sold for a million dollars as an asset transfer, and is now owned by folks who do NOT control the www.valicert.com domain name (if it even exists). A certain lawyer (rather famous these days in government circles on federal trust networking) also wrote up the policy, for a validation-centric reliance model. Someone even wrote up an aligned (MPhil-grade) PhD dissertation addressing the theory (that was classified as total crap, on examination). But, it's fun being on the leading edge.

> From: mo.mcroberts@bbc.co.uk
> Date: Tue, 3 Jan 2012 14:28:38 +0000
> CC: public-xg-webid@w3.org
> To: kidehen@openlinksw.com
> Subject: Re: WebID equivalence
>
> On 3 Jan 2012, at 14:06, Kingsley Idehen wrote:
>
> > On 1/3/12 7:22 AM, Henry Story wrote:
> >>> What is an important point to consider re. WebID is what should be done when the CN contains URLs?
> >> A Common Name is not meant to be a URL so there is nothing to do there, unless you want to do screen scraping or detective work.
> >
> > So you are claiming this is wrong then?
> >
> > Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
> > OU=FreeSoft,CN=www.freesoft.org/emailAddress=baccala@freesoft.org
>
> CN=www.freesoft.org is not a CN containing a URL, for a start. A CN is effectively arbitrary, will often be used for matching (cf. clients comparing SSL server hostnames).
>
> (You could add a URI as a DN attribute, though, if you know the signing entity will accept it — just pick or define an appropriate attribute OID).
>
> Whether *parts* of a DN should trigger special processing on the part of a receiver is a different matter. I can't recall what ITU recs have to say on the subject. I do know that a number of free personal certificate issuers mandate that the CN is a fixed string.
>
> M.
>
> --
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
Received on Tuesday, 3 January 2012 20:15:45 UTC