List: ietf-tls
Subject: Re: [TLS] TLS CCA certificate filtering according to Google
From: Anders Rundgren <anders.rundgren () telia ! com>
Date: 2012-10-12 8:35:50
Message-ID: 5077D666.8090706 () telia ! com
On 2012-10-12 10:21, Henry Story wrote:
> Btw, in the WebID protocol we do have a case for certificate filtering,
> which I explain in more detail here:
>
> http://lists.w3.org/Archives/Public/public-webid/2012Oct/0117.html
>
> Perhaps this can be used as a guide for this group to think about improvements.

This is what I've been playing with in non-TLS CCA contexts:
https://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/crypto/CertificateFilter.java

Anders

> Otherwise I would like to know what people here make of the feasibility of
> having a WebID DN hack as suggested there?
>
> Henry
>
> On 12 Oct 2012, at 10:13, Anders Rundgren <anders.rundgren@telia.com> wrote:
>
> > http://code.google.com/p/android/issues/detail?id=38393
> >
> > "I designed the API with the intent that filtering could be added later if
> > necessary, but I've never been convinced that users really are going to have
> > large numbers of keys. What I said about issuer filtering really is true. It
> > almost always is configured wrong if at all. If you can motivate a use case, I'm
> > all ears"
> >
> > The fact is that certificate filtering in TLS is in big need of improvement,
> > not only in Android but at the protocol level as well.
> >
> > The alternative (which is probably what will happen) is that TLS CCA remains
> > a great solution for creating "secure tunnels between boxes".
> >
> > -- Anders
>
> Social Web Architect
> http://bblfish.net/
>