
Re: [certid] Fwd: secdir review of draft-saintandre-tls-server-id-check-09

2010-09-22 12:48:56
Tangent: I know we want to avoid implementations that do foolish things
being claimed as compliant, but IMO, the requirement that input come
from a "human user" is goofy for a technical specification and in
practice a non-starter.  A web browser that followed a HTTP redirection
to a https: URL would violate it.  The web has evolved toward complex
applications in which all pretense that the user is mediating the
issuance of HTTP requests has been abandoned, which brings major
productivity benefits as well as major security implications; ignoring
this would be a mistake.

Wes Hardaker also raised this issue in his review. Jeff and I agree that
this is an open issue and are working to address it.

Addressing that would likely satisfy my issue nicely.

Barry