Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

2022-12-19 Thread Peter Saint-Andre
On 12/19/22 12:33 AM, Qin Wu wrote: 7. Section 7.1: I am surprised there are no protection measures to mitigate the risk of vouching for rogue or buggy hosts in this document? It seems to me that methods for mitigating the attacks described in [Defeating-SSL] and [HTTPSbytes] are probably out of scop

Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

2022-12-19 Thread Peter Saint-Andre
On 12/19/22 11:18 AM, Peter Saint-Andre wrote: On 12/19/22 12:33 AM, Qin Wu wrote: 7. Section 7.1: I am surprised there are no protection measures to mitigate the risk of vouching for rogue or buggy hosts in this document? It seems to me that methods for mitigating the attacks described in [Defeatin

Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

2022-12-19 Thread Qin Wu
Hi, Peter: I think the root cause of the wildcard certificate issue you described below is that a wildcard only covers one level of subdomains instead of multiple levels of subdomains. If we can introduce a long-prefix-match-like mechanism to deal with multiple levels of subdomain matching, this issue w

Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

2022-12-19 Thread Martin Thomson
On Tue, Dec 20, 2022, at 14:00, Qin Wu wrote: > If we can introduce a long-prefix-match-like mechanism to deal with > multiple levels of subdomain matching, this issue will be easily solved. This is not something that the IETF can do at this stage, or at least not so simply. Wildcard certificates

Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08

2022-12-19 Thread Qin Wu
Sigh, looks like this is a utopian dream at this moment, (:-, I am fine with documenting what we have now. Thanks for your clarification, Martin. -Qin -Original Message- From: Martin Thomson [mailto:m...@lowentropy.net] Sent: December 20, 2022 11:53 To: Qin Wu ; Peter Saint-Andre ; ops-...@ietf.org Cc: dra