
From Rick_Andrews@symantec.com  Mon Feb  3 11:59:23 2014
From: Rick Andrews <Rick_Andrews@symantec.com>
To: Tim Moses <tim.moses@entrust.com>, "wpkops@ietf.org" <wpkops@ietf.org>
Date: Mon, 3 Feb 2014 11:59:20 -0800
Message-ID: <544B0DD62A64C1448B2DA253C011414607C3BEAD67@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
References: <272E7340-460D-40AF-B95D-43861F0F7052@entrust.com> <544B0DD62A64C1448B2DA253C011414607C3BEAD09@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <5B68A271B9C97046963CB6A5B8D6F62CB7B38B81@SOTTEXCH10.corp.ad.entrust.com>
In-Reply-To: <5B68A271B9C97046963CB6A5B8D6F62CB7B38B81@SOTTEXCH10.corp.ad.entrust.com>
Subject: Re: [wpkops] Survey says ...
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2014 19:59:23 -0000

OK, it's posted to the Results page.
http://tools.ietf.org/wg/wpkops/trac/wiki#

-Rick

> -----Original Message-----
> From: Tim Moses [mailto:tim.moses@entrust.com]
> Sent: Monday, February 03, 2014 11:41 AM
> To: Rick Andrews
> Subject: RE: Survey says ...
>
> Hi Rick.  We should post them.  See if your credentials will allow you
> to post.  If not, I can post them.  All the best.  Tim.
>
> -----Original Message-----
> From: Rick Andrews [mailto:Rick_Andrews@symantec.com]
> Sent: Monday, February 03, 2014 2:36 PM
> To: Tim Moses; Jeremy Rowley; Bruce Morton; Inigo Barreira; Paul
> Hoffman; Adam Langley; Phillip Hallam-Baker; David Chadwick; Ben
> Wilson; Wayne Thayer; Santosh Chokhani; Robin Alden
> Cc: Joel Jaeggli
> Subject: RE: Survey says ...
>
> All,
>
> At this moment, I have received:
>     Servers: 1 (Cloudflare), and partial results from Microsoft
>     Clients: 1 (Comodo), and partial results from Microsoft
>     OCSP Responders: 17 out of 67, and partial results from Microsoft
>         Actalis, Buypass, Certinomis, Chunghwa Telecom, Comodo,
>         Entrust, Government of Hong Kong, HARICA, KEYNECTIS,
>         SwissSign AG, TeliaSonera, Trend Micro, Trust Center, Trustis,
>         VeriSign (owned by Symantec), Safelayer Keyone and Cloudflare
>
> I can post the file with all responses to the wiki (minus the Microsoft
> data) if you wish.
>
> -Rick
>
> > -----Original Message-----
> > From: Tim Moses [mailto:tim.moses@entrust.com]
> > Sent: Monday, February 03, 2014 7:43 AM
> > To: Jeremy Rowley; Rick Andrews; Bruce Morton; Inigo Barreira; Paul
> > Hoffman; Adam Langley; Phillip Hallam-Baker; David Chadwick; Ben
> > Wilson; Wayne Thayer; Santosh Chokhani; Robin Alden
> > Cc: Joel Jaeggli
> > Subject: Survey says ...
> >
> > Guys.  The survey deadline passed.  Would you like to meet by phone to
> > discuss results, gaps, next steps?  The deadline for ID submission is
> > coming up.
> >
> > All the best. Tim.

From Rick_Andrews@symantec.com  Tue Feb 11 10:22:39 2014
From: Rick Andrews <Rick_Andrews@symantec.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Date: Tue, 11 Feb 2014 10:22:31 -0800
Message-ID: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Subject: [wpkops] Test site

I received this request from Mozilla:

Are you able to provide URLs for test sites with appropriate certs for
section 10), numbers f) and g)? I am unable to find any IDN TLS sites!
Also, I could do with some example "broken" SSL cert sites for 16) b).

Is anyone able to help here?

-Rick


From gapinski@nasa.gov  Tue Feb 11 11:20:15 2014
Message-ID: <52FA77E9.70708@nasa.gov>
Date: Tue, 11 Feb 2014 14:20:09 -0500
From: Gary Gapinski <gapinski@nasa.gov>
To: "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
In-Reply-To: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Subject: Re: [wpkops] Test site

On 02/11/2014 01:22 PM, Rick Andrews wrote:
> I received this request from Mozilla:
>
> Are you able to provide URLs for test sites with appropriate certs for
> section 10), numbers f) and g)?
10f: /If ALPN and NPN are supported, is NPN ignored when an ALPN 
extension is also present? yes no/

A somewhat quick search does not find much other than NPN is supported 
in OpenSSL (and reputedly in NSS). Unsure about ALPN support. I am 
uncertain how precise such a test server would have to be. I can do a 
bit more searching this evening. As far as I can tell, these are 
protocols and the certs should not matter (other than being handily 
trusted).

I am also uncertain whether Apache HTTP Server augmented with mod_spdy 
would suffice, at least for NPN.

10g: /Does the product support a ServerHello larger than 255 bytes? yes no/

This will require re-re-reading the TLS 1.2 RFC followed by some casting 
about for arbitrary ServerHello capability.

> I am unable to find any IDN TLS sites!

I can probably create one. I could not find any reference to IDN in the 
questionnaire.

!!!

Sigh. I looked at the server portion of the questionnaire while making 
the above comments.

I will presume this was (Mozilla) asking about the browser section, so, 
starting over…
> Are you able to provide URLs for test sites with appropriate certs for
> section 10), numbers f) and g)? I am unable to find any IDN TLS sites!

10f: /What is the behavior when the user types in a URL using a Punycode 
name and the TLS certificate contains only the native encoding of the 
domain name?/
10g: /What is the behavior when the user types in a URL using a native 
encoding of the domain name and the TLS certificate contains only the 
Punycode name?/

I expect such a test site can be manufactured, but I cannot promise 
anything immediately. The variant certs would have to be hand crafted 
and thus self-signed (or signed by a hand-crafted CA). This is a few 
hours of work (I have not looked at IDN names for much longer than my 
one week info retention half-life) to obtain an appropriate domain name 
(punycode needs to be within an appropriate IDN TLD for browsers to 
render properly), set up a TLS HTTP service for that DNS name, and 
create the necessary specimens. I am uncertain whether OpenSSL or 
similar applications will support use of Unicode in subject CN and 
Subject Alternative Name (10f, unless I misunderstand "native encoding").

> Also, I could do with some example "broken" SSL cert sites for 16) b).

This will also require hand-crafted certs.

> Is anyone able to help here?

I will look tonight to see if there are any extant sites which offer any 
of these. The alternative is many hours of work to create the necessary 
specimens.

Regards,

Gary


From gerv@mozilla.org  Tue Feb 11 11:33:06 2014
Message-ID: <52FA7AE8.7050109@mozilla.org>
Date: Tue, 11 Feb 2014 19:32:56 +0000
From: Gervase Markham <gerv@mozilla.org>
To: Gary Gapinski <gapinski@nasa.gov>,  "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <52FA77E9.70708@nasa.gov>
In-Reply-To: <52FA77E9.70708@nasa.gov>
Subject: Re: [wpkops] Test site

On 11/02/14 19:20, Gary Gapinski wrote:
> I will look tonight to see if there are any extant sites which offer any
> of these. The alternative is many hours of work to create the necessary
> specimens.

If there are no such sites, what is the point of the question, and who
asked it?

Gerv


From gapinski@nasa.gov  Tue Feb 11 11:48:12 2014
Message-ID: <52FA7E77.30507@nasa.gov>
Date: Tue, 11 Feb 2014 14:48:07 -0500
From: Gary Gapinski <gapinski@nasa.gov>
To: Gervase Markham <gerv@mozilla.org>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <52FA77E9.70708@nasa.gov> <52FA7AE8.7050109@mozilla.org>
In-Reply-To: <52FA7AE8.7050109@mozilla.org>
Subject: Re: [wpkops] Test site

On 02/11/2014 02:32 PM, Gervase Markham wrote:
> If there are no such sites, what is the point of the question, and who 
> asked it? Gerv 

I do not recall the provenance.

I suspect 10 f&g were less important (Punycode/Unicode parity) than 16, 
which was to elicit which routine conditions triggered user notification 
as well as subsequent user options.

Regards,

Gary


From paul.hoffman@vpnc.org  Tue Feb 11 13:21:04 2014
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Date: Tue, 11 Feb 2014 13:20:58 -0800
Message-Id: <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Test site

On Feb 11, 2014, at 10:22 AM, Rick Andrews <Rick_Andrews@symantec.com> wrote:

> I am unable to find any IDN TLS sites!

I am in the process of seeing if I can do this for éxample.com using
StartSSL. I'll report back within a day or so. (The things we do to
avoid paying $20...)

--Paul Hoffman


From paul.hoffman@vpnc.org  Tue Feb 11 16:34:49 2014
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org>
Date: Tue, 11 Feb 2014 16:34:45 -0800
Message-Id: <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Test site

>> I am unable to find any IDN TLS sites!

https://www.éxample.com/ (also known as
https://www.xn--xample-9ua.com/) should now let you test.

--Paul Hoffman


From gerv@mozilla.org  Wed Feb 12 04:22:41 2014
Message-ID: <52FB678A.2080903@mozilla.org>
Date: Wed, 12 Feb 2014 12:22:34 +0000
From: Gervase Markham <gerv@mozilla.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org>
In-Reply-To: <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org>
Subject: Re: [wpkops] Test site

On 12/02/14 00:34, Paul Hoffman wrote:
> https://www.éxample.com/ (also known as https://www.xn--xample-9ua.com/) should now let you test.

Super :-) That helps us test 10 g), but not 10 f). For 10 f), we need a
certificate which has only the native encoding of the domain name in CN
(i.e. not punycode). Can such a cert be obtained?

Gerv
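
[Added illustration, not part of the mailing-list thread and not code from any participant: questionnaire items 10f and 10g come down to whether a client normalizes the Punycode and native forms before comparing the requested name with the certificate name. The two hostnames are taken from the thread; the matcher functions are hypothetical and simplified (exact match only, no wildcards, Python's built-in IDNA 2003 codec).]

```python
# Added example, not from the thread. Models questionnaire items 10f and 10g
# as a hostname-vs-certificate-name comparison. Assumptions: exact name
# comparison only (no wildcards), IDNA 2003 via Python's built-in codec.

U_LABEL = "www.\u00e9xample.com"      # native (Unicode) form quoted in the thread
A_LABEL = "www.xn--xample-9ua.com"    # Punycode form quoted in the thread


def to_a_label(host):
    """Convert a hostname to its ASCII (Punycode) form, lower-cased."""
    host = host.rstrip(".")
    return host.encode("idna").decode("ascii").lower()


def strict_match(requested, cert_names):
    """Hypothetical client that compares names as given, with no IDN normalization."""
    want = requested.rstrip(".").lower()
    return any(want == name.rstrip(".").lower() for name in cert_names)


def normalized_match(requested, cert_names):
    """Hypothetical client that converts both sides to Punycode before comparing."""
    want = to_a_label(requested)
    for name in cert_names:
        try:
            if to_a_label(name) == want:
                return True
        except UnicodeError:
            # A certificate name that cannot be IDNA-encoded never matches.
            continue
    return False


# (item, what the user types, names present in the certificate)
CASES = [
    ("10f", A_LABEL, [U_LABEL]),     # Punycode typed, cert has native form only
    ("10g", U_LABEL, [A_LABEL]),     # native typed, cert has Punycode only
    ("same-A", A_LABEL, [A_LABEL]),  # control: both sides Punycode
    ("same-U", U_LABEL, [U_LABEL]),  # control: both sides native
]


def run_matrix():
    """Return {item: (strict_result, normalized_result)} for every case."""
    return {
        item: (strict_match(typed, names), normalized_match(typed, names))
        for item, typed, names in CASES
    }


if __name__ == "__main__":
    for item, (strict, normalized) in run_matrix().items():
        print(f"{item:7} strict={strict!s:5} normalized={normalized}")
```
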


From rob.stradling@comodo.com  Wed Feb 12 04:53:22 2014
Message-ID: <52FB6EBB.4060009@comodo.com>
Date: Wed, 12 Feb 2014 12:53:15 +0000
From: Rob Stradling <rob.stradling@comodo.com>
To: Gervase Markham <gerv@mozilla.org>, Paul Hoffman <paul.hoffman@vpnc.org>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org> <52FB678A.2080903@mozilla.org>
In-Reply-To: <52FB678A.2080903@mozilla.org>
Subject: Re: [wpkops] Test site

On 12/02/14 12:22, Gervase Markham wrote:
> On 12/02/14 00:34, Paul Hoffman wrote:
> >> https://www.éxample.com/ (also known as https://www.xn--xample-9ua.com/) should now let you test.
>
> Super :-) That helps us test 10 g), but not 10 f). For 10 f), we need a
> certificate which has only the native encoding of the domain name in CN
> (i.e. not punycode). Can such a cert be obtained?

Yes.  In fact, here's one Paul requested from us (for www.éxample.com) a 
few years ago...


-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


From gapinski@nasa.gov  Wed Feb 12 04:54:38 2014
Return-Path: <gapinski@nasa.gov>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07CD31A0946 for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 04:54:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.75
X-Spam-Level: 
X-Spam-Status: No, score=0.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, URI_OBFU_WWW=2.475] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grJeXl3PY7m7 for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 04:54:36 -0800 (PST)
Received: from ndjsnpf01.ndc.nasa.gov (ndjsnpf01.ndc.nasa.gov [IPv6:2001:4d0:a302:1100::101]) by ietfa.amsl.com (Postfix) with ESMTP id 5E28F1A0923 for <wpkops@ietf.org>; Wed, 12 Feb 2014 04:54:36 -0800 (PST)
Received: from ndjsppt104.ndc.nasa.gov (ndjsppt104.ndc.nasa.gov [198.117.1.198]) by ndjsnpf01.ndc.nasa.gov (Postfix) with ESMTP id 16EC3D0589; Wed, 12 Feb 2014 06:54:51 -0600 (CST)
Received: from NDJSCHT104.ndc.nasa.gov (ndjscht104-pub.ndc.nasa.gov [198.117.1.204]) by ndjsppt104.ndc.nasa.gov (8.14.5/8.14.5) with ESMTP id s1CCsYQ9006278; Wed, 12 Feb 2014 06:54:34 -0600
Received: from powerspec.23887er.pw (174.100.47.210) by smtp01.ndc.nasa.gov (198.117.1.204) with Microsoft SMTP Server (TLS) id 14.3.174.1; Wed, 12 Feb 2014 06:54:34 -0600
Message-ID: <52FB6F08.1020000@nasa.gov>
Date: Wed, 12 Feb 2014 07:54:32 -0500
From: Gary Gapinski <gapinski@nasa.gov>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Thunderbird/27.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org>
In-Reply-To: <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org>
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [174.100.47.210]
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-02-12_03:2014-02-12,2014-02-12,1970-01-01 signatures=0
Subject: Re: [wpkops] Test site
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2014 12:54:38 -0000

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
  </head>
  <body>
    <div class="moz-cite-prefix">On 02/11/2014 07:34 PM, Paul Hoffman
      wrote:<br>
    </div>
    <blockquote class=" cite"
      id="mid_A8105F3B_FB16_4FE0_B30D_FC66E43D591B_vpnc_org"
      cite="mid:A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org"
      type="cite"><a class="moz-txt-link-freetext" href="https://www.éxample.com/">https://www.éxample.com/</a> (also known as
      <a class="moz-txt-link-freetext" href="https://www.xn--xample-9ua.com/">https://www.xn--xample-9ua.com/</a>) should now let you test.
      <br>
    </blockquote>
    <br>
    This is sufficient for 10g but not 10f. The certificate has only
    Punycode for subject CN and SAN.<br>
    <br>
    The TLS service also <a
      href="http://tools.ietf.org/html/rfc5246#section-7.4.2">must</a>
    provide the CA certificate chain.<br>
    <br>
    Possibly of interest: Mozilla Firefox displays the IDN name in the
    URL bar; Google Chrome displays only Punycode. See also <a
      href="https://bugzilla.mozilla.org/show_bug.cgi?id=722299">https://bugzilla.mozilla.org/show_bug.cgi?id=722299</a>.<br>
  </body>
</html>


From gerv@mozilla.org  Wed Feb 12 05:08:23 2014
Return-Path: <gerv@mozilla.org>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDDFE1A0985 for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 05:08:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level: 
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_40=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EAFpreBUULci for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 05:08:22 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) by ietfa.amsl.com (Postfix) with ESMTP id DB4851A0979 for <wpkops@ietf.org>; Wed, 12 Feb 2014 05:08:21 -0800 (PST)
Received: from [81.187.243.93] (port=41966 helo=[192.168.0.100]) by haggis.mythic-beasts.com with esmtpa (Exim 4.72) (envelope-from <gerv@mozilla.org>) id 1WDZY0-0001at-2V; Wed, 12 Feb 2014 13:08:17 +0000
Message-ID: <52FB723F.5000409@mozilla.org>
Date: Wed, 12 Feb 2014 13:08:15 +0000
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101 Thunderbird/29.0a2
MIME-Version: 1.0
To: Gary Gapinski <gapinski@nasa.gov>, Paul Hoffman <paul.hoffman@vpnc.org>, "wpkops@ietf.org" <wpkops@ietf.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org> <52FB6F08.1020000@nasa.gov>
In-Reply-To: <52FB6F08.1020000@nasa.gov>
X-Enigmail-Version: 1.6
OpenPGP: id=9DF43DBB
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-BlackCat-Spam-Score: -28
X-Mythic-Debug: Threshold =  On = 
Subject: Re: [wpkops] Test site
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2014 13:08:24 -0000

On 12/02/14 12:54, Gary Gapinski wrote:
> Possibly of interest: Mozilla Firefox displays the IDN name in the URL
> bar; Google Chrome displays only Punycode. See also
> https://bugzilla.mozilla.org/show_bug.cgi?id=722299.

The Chrome team are hoping to implement the same algorithm we have
pioneered:
https://code.google.com/p/chromium/issues/detail?id=336973

Gerv


From Rick_Andrews@symantec.com  Wed Feb 12 11:38:24 2014
Return-Path: <Rick_Andrews@symantec.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EE1A1A0622 for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 11:38:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.448
X-Spam-Level: 
X-Spam-Status: No, score=-7.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OGWQZIqd243 for <wpkops@ietfa.amsl.com>; Wed, 12 Feb 2014 11:38:21 -0800 (PST)
Received: from tus1smtoutpex01.symantec.com (tus1smtoutpex01.symantec.com [216.10.195.241]) by ietfa.amsl.com (Postfix) with ESMTP id D579C1A04E0 for <wpkops@ietf.org>; Wed, 12 Feb 2014 11:38:20 -0800 (PST)
X-AuditID: d80ac3f1-b7fc98e0000007b9-f8-52fbcdabe541
Received: from ecl1mtahubpin01.ges.symantec.com (ecl1mtahubpin01.ges.symantec.com [10.48.69.201]) by tus1smtoutpex01.symantec.com (Symantec Brightmail Gateway out) with SMTP id CA.39.01977.BADCBF25; Wed, 12 Feb 2014 19:38:19 +0000 (GMT)
Received: from [155.64.220.139] (helo=TUS1XCHHUBPIN03.SYMC.SYMANTEC.COM) by ecl1mtahubpin01.ges.symantec.com with esmtp (Exim 4.76) (envelope-from <Rick_Andrews@symantec.com>) id 1WDfdS-0001HN-MG for wpkops@ietf.org; Wed, 12 Feb 2014 19:38:19 +0000
Received: from TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM ([155.64.220.146]) by TUS1XCHHUBPIN03.SYMC.SYMANTEC.COM ([155.64.220.139]) with mapi; Wed, 12 Feb 2014 11:38:14 -0800
From: Rick Andrews <Rick_Andrews@symantec.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Date: Wed, 12 Feb 2014 11:38:11 -0800
Thread-Topic: Updated responses
Thread-Index: Ac8oKfabZU8z0LojSr+cUPr039PihQ==
Message-ID: <544B0DD62A64C1448B2DA253C011414607C4404AA0@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_544B0DD62A64C1448B2DA253C011414607C4404AA0TUS1XCHEVSPIN_"
MIME-Version: 1.0
Subject: [wpkops] Updated responses
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2014 19:38:24 -0000

--_000_544B0DD62A64C1448B2DA253C011414607C4404AA0TUS1XCHEVSPIN_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Folks,

I've updated the wiki at
http://trac.tools.ietf.org/wg/wpkops/trac/attachment/wiki/Results/# with
partial Mozilla responses. They haven't answered everything yet, but
they've answered a lot.

-Rick


--_000_544B0DD62A64C1448B2DA253C011414607C4404AA0TUS1XCHEVSPIN_--


From tim.moses@entrust.com  Thu Feb 13 05:23:59 2014
Return-Path: <tim.moses@entrust.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7895C1A0237 for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 05:23:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level: 
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZnvQ0iDqTTV for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 05:23:57 -0800 (PST)
Received: from ipedge2.entrust.com (ipedge2.entrust.com [216.191.252.25]) by ietfa.amsl.com (Postfix) with ESMTP id DEC8C1A0234 for <wpkops@ietf.org>; Thu, 13 Feb 2014 05:23:56 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.95,838,1384318800"; d="scan'208,217";a="268058"
Received: from unknown (HELO sottexchcas.corp.ad.entrust.com) ([10.4.51.93]) by ipedge2.entrust.com with ESMTP; 13 Feb 2014 08:23:54 -0500
Received: from SOTTEXCH10.corp.ad.entrust.com ([fe80::389b:f45b:7ea1:79b7]) by sottexchcas1.corp.ad.entrust.com ([::1]) with mapi id 14.03.0174.001; Thu, 13 Feb 2014 08:23:53 -0500
From: Tim Moses <tim.moses@entrust.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Thread-Topic: IETF 89 Agenda
Thread-Index: Ac8ovtYygEu/6LumSdK+IwjDZI/jWA==
Date: Thu, 13 Feb 2014 13:23:52 +0000
Message-ID: <5B68A271B9C97046963CB6A5B8D6F62CB7B902C6@SOTTEXCH10.corp.ad.entrust.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.4.160.78]
Content-Type: multipart/alternative; boundary="_000_5B68A271B9C97046963CB6A5B8D6F62CB7B902C6SOTTEXCH10corpa_"
MIME-Version: 1.0
Subject: [wpkops] IETF 89 Agenda
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 13:23:59 -0000

--_000_5B68A271B9C97046963CB6A5B8D6F62CB7B902C6SOTTEXCH10corpa_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Colleagues - If you have a topic that you would like included in the WPKOPS
agenda for IETF 89 please let me know.  All the best.  Tim.

--_000_5B68A271B9C97046963CB6A5B8D6F62CB7B902C6SOTTEXCH10corpa_--


From nobody Thu Feb 13 15:36:48 2014
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA1081A0521 for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 15:36:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.027
X-Spam-Level: ***
X-Spam-Status: No, score=3.027 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_MISMATCH_COM=0.553, URI_OBFU_WWW=2.475] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5-kFz9ZTxMOQ for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 15:36:45 -0800 (PST)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id A34FC1A04DB for <wpkops@ietf.org>; Thu, 13 Feb 2014 15:36:45 -0800 (PST)
Received: from [10.20.30.90] (50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67]) (authenticated bits=0) by hoffman.proper.com (8.14.8/8.14.7) with ESMTP id s1DNag2B020570 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <wpkops@ietf.org>; Thu, 13 Feb 2014 16:36:43 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-67.dsl.dynamic.sonic.net [50.1.98.67] claimed to be [10.20.30.90]
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <52FB6EBB.4060009@comodo.com>
Date: Thu, 13 Feb 2014 15:36:42 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <835EE081-6768-4AFB-8996-4F2B1ABFAFEF@vpnc.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org> <52FB678A.2080903@mozilla.org> <52FB6EBB.4060009@comodo.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
X-Mailer: Apple Mail (2.1827)
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/UPJF5xEf6Sa6VN0Gjt-G03XRIiM
Subject: Re: [wpkops] Test site
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2014 23:36:47 -0000

And, with many thanks to Rob, https://www.éxample.org/ (also known as
https://www.xn--xample-9ua.org/) should now let you test with a cert
whose CN has éxample.org, not the Punycode.

--Paul Hoffman


From nobody Thu Feb 13 20:16:07 2014
Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39E431A0073 for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 20:16:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.474
X-Spam-Level: 
X-Spam-Status: No, score=0.474 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URI_OBFU_WWW=2.475] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXGduZtT8aGY for <wpkops@ietfa.amsl.com>; Thu, 13 Feb 2014 20:16:03 -0800 (PST)
Received: from homiemail-a105.g.dreamhost.com (caiajhbdcbhh.dreamhost.com [208.97.132.177]) by ietfa.amsl.com (Postfix) with ESMTP id 42D5B1A002C for <wpkops@ietf.org>; Thu, 13 Feb 2014 20:16:03 -0800 (PST)
Received: from homiemail-a105.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a105.g.dreamhost.com (Postfix) with ESMTP id A6BEB2005D908; Thu, 13 Feb 2014 20:16:01 -0800 (PST)
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a105.g.dreamhost.com (Postfix) with ESMTPA id 7A0F42005D907; Thu, 13 Feb 2014 20:16:01 -0800 (PST)
Received: from 173.8.157.162 (proxying for 173.8.157.162) (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Thu, 13 Feb 2014 20:16:01 -0800
Message-ID: <0c58ab48311635e643a7b7e5a9576165.squirrel@webmail.dreamhost.com>
In-Reply-To: <835EE081-6768-4AFB-8996-4F2B1ABFAFEF@vpnc.org>
References: <544B0DD62A64C1448B2DA253C011414607C42BDF5E@TUS1XCHEVSPIN33.SYMC.SYMANTEC.COM> <F9A55682-46AB-413E-AC45-A2EE9E7C1A2A@vpnc.org> <A8105F3B-FB16-4FE0-B30D-FC66E43D591B@vpnc.org> <52FB678A.2080903@mozilla.org> <52FB6EBB.4060009@comodo.com> <835EE081-6768-4AFB-8996-4F2B1ABFAFEF@vpnc.org>
Date: Thu, 13 Feb 2014 20:16:01 -0800
From: "Ryan Sleevi" <ryan-ietf@sleevi.com>
To: "Paul Hoffman" <paul.hoffman@vpnc.org>
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/pipXtQu9rt2rWOQdL7zdwJbNS1c
Cc: "wpkops@ietf.org" <wpkops@ietf.org>
Subject: Re: [wpkops] Test site
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ryan-ietf@sleevi.com
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2014 04:16:05 -0000

On Thu, February 13, 2014 3:36 pm, Paul Hoffman wrote:
>  And, with many thanks to Rob, https://www.éxample.org/ (also known as
>  https://www.xn--xample-9ua.org/) should now let you test with a cert whose
>  CN has éxample.org, not the Punycode.
>
>  --Paul Hoffman
>

Unfortunately, it still includes the Punycode in the SAN, as would be
expected of a BR-conforming CN. The result of this is every (browser)
implementation I know of will ignore the CN, fall back to the SAN, and
thus perform punycode matching the same as in the .com case.

I only highlight this because in the absence of the SAN, CryptoAPI (aka
IE) will take the Punycode'd input domain and expand it to its U-Label
form, then compare that with the Common Name. I'm not aware of any other
implementations that perform this step (either punycoding the CN or taking
the A-Labels and converting to U-Labels).

For those with your Crypt32 PDBs (from the Microsoft symbol store),
debuggers handy, and perverse interests, look for calls to the function
CompareSSLDNStoCommonName, which will promote Punycode'd names into the
Unicode form ( I_ConvertIdnHostNameToAsciiOrUnicode ), before doing a
string comparison ( CompareStringW ).

Chrome on Windows used to do the same, by virtue of relying on CryptoAPI,
although the name checks in Windows have since been disabled in favour of
an internal implementation that is normalized across all Chrome platforms
(
https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_certificate.cc&rcl=1392294813&l=503
)

It would take a non-BR cert to cover this case.
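
The matching order discussed in the message above, as an added example that is not part of the original thread and is not code from CryptoAPI, Chrome or any other implementation. The certificate dicts, the function names and the choice to accept an A-label CN in the second matcher are assumptions of this sketch; the sample certificates are constructed.

```python
# Added illustration of SAN-first hostname matching with IDN names.
# Certificates are constructed dicts standing in for parsed X.509 fields.
# Exact-match only; wildcard labels are outside this comparison.

E_ACUTE = "\u00e9"  # the non-ASCII letter in the test hostnames


def to_a_label(host):
    """ASCII (Punycode) form of a hostname; ASCII input passes through."""
    return host.encode("idna").decode("ascii").lower()


def to_u_label(host):
    """Unicode form of a hostname (xn-- labels are expanded)."""
    return to_a_label(host).encode("ascii").decode("idna").lower()


def _san_names(cert):
    return [name.lower() for name in cert.get("san_dns", [])]


def match_literal_cn(host, cert):
    """SAN entries win; without them the A-label host is compared to CN as-is."""
    wanted = to_a_label(host)
    sans = _san_names(cert)
    if sans:
        return wanted in sans  # CN is never consulted when SAN is present
    return wanted == cert["cn"].lower()


def match_u_label_cn(host, cert):
    """Same SAN rule; without SAN the host is also expanded to its U-label
    before the CN comparison (the step the message attributes to CryptoAPI)."""
    wanted = to_a_label(host)
    sans = _san_names(cert)
    if sans:
        return wanted in sans
    cn = cert["cn"].lower()
    # Accepting the A-label form too is an assumption of this model.
    return cn in (wanted, to_u_label(wanted))


# Constructed certificates mirroring the cases raised in the thread.
CERTS = {
    # Punycode in both CN and SAN (the .com test site).
    "com": {"cn": "www.xn--xample-9ua.com",
            "san_dns": ["www.xn--xample-9ua.com"]},
    # U-label CN, Punycode SAN (the .org test site).
    "org": {"cn": "www." + E_ACUTE + "xample.org",
            "san_dns": ["www.xn--xample-9ua.org"]},
    # U-label CN and no SAN at all.
    "no_san": {"cn": "www." + E_ACUTE + "xample.org", "san_dns": []},
    # CN would match, but the SAN names a different host.
    "cn_only_match": {"cn": "www." + E_ACUTE + "xample.org",
                      "san_dns": ["other.example"]},
}


def evaluate():
    """Return {case: (literal_cn_result, u_label_cn_result)}."""
    results = {}
    for label, cert in CERTS.items():
        tld = "com" if label == "com" else "org"
        host = "www." + E_ACUTE + "xample." + tld
        results[label] = (match_literal_cn(host, cert),
                          match_u_label_cn(host, cert))
    return results


if __name__ == "__main__":
    for label, outcome in evaluate().items():
        print(label, outcome)
```

Only the `no_san` case separates the two matchers, which is why a certificate with a Punycode SAN cannot exercise the CN comparison.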


From nobody Sun Feb 23 19:55:45 2014
Return-Path: <tom@ritter.vg>
X-Original-To: wpkops@ietfa.amsl.com
Delivered-To: wpkops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2B231A07C3 for <wpkops@ietfa.amsl.com>; Sun, 23 Feb 2014 19:55:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.021
X-Spam-Level: **
X-Spam-Status: No, score=2.021 tagged_above=-999 required=5 tests=[BAYES_60=1.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L_uj4toj2_Uz for <wpkops@ietfa.amsl.com>; Sun, 23 Feb 2014 19:55:43 -0800 (PST)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com [IPv6:2607:f8b0:400e:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 17BF01A028F for <wpkops@ietf.org>; Sun, 23 Feb 2014 19:55:43 -0800 (PST)
Received: by mail-pa0-f54.google.com with SMTP id fa1so5973976pad.27 for <wpkops@ietf.org>; Sun, 23 Feb 2014 19:55:42 -0800 (PST)
X-Received: by 10.66.142.132 with SMTP id rw4mr22979812pab.6.1393214142681; Sun, 23 Feb 2014 19:55:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.198.68 with HTTP; Sun, 23 Feb 2014 19:55:22 -0800 (PST)
In-Reply-To: <CAMm+LwhetzOjWDeneCAvQ+TT1j9E0Y3MmueubniA31pEuHFsVA@mail.gmail.com>
References: <CAMm+LwhetzOjWDeneCAvQ+TT1j9E0Y3MmueubniA31pEuHFsVA@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Sun, 23 Feb 2014 22:55:22 -0500
Message-ID: <CA+cU71kDzYpfozd8pApEt149Xfx8JUnf5ouPvZDUoUu-H6X0VA@mail.gmail.com>
To: "wpkops@ietf.org" <wpkops@ietf.org>
Content-Type: text/plain; charset=ISO-8859-1
Archived-At: http://mailarchive.ietf.org/arch/msg/wpkops/Fk3dgcLiudReB8jMGovg_Ot-POA
Subject: Re: [wpkops] Update to revocation document
X-BeenThere: wpkops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <wpkops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/wpkops>, <mailto:wpkops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/wpkops/>
List-Post: <mailto:wpkops@ietf.org>
List-Help: <mailto:wpkops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/wpkops>, <mailto:wpkops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 03:55:44 -0000

Finally catching up on email backlog ;)  Overall, it'd be nice to have
a single-section introduction - Section 1 goes on and on and it lays
out very differently from others.  Going through I found a bunch of
small grammar and spelling and such, which I felt worse about keeping
track of when I got to the significantly in-progress of the last
sections.

 - Probably want to expand the first instance of CA, PKIX, CSC, etc
 - "PKIX models has imporant" - misspelling
 - "but this is does not" - typo
 - "because they no further use" - typo
 - Operational Certificate States has some formatting issues
 - 2.1.1. Status Model"   - has an extraneous " (double quote)
 - REVOKED" as does revoked
 - "certificate was legitimately issued" - missing a period at the end
of the sentence
 - "thus a client that" - Thus should be capitalized
 - OCSP Stapling has been supported in Windows since (specifically)
Windows Server 2008 / Vista.

-tom

