To:
ietf-provreg@cafax.se, "Hollenbeck, Scott" <shollenbeck@verisign.com>
From:
Alexander Mayrhofer <axelm@nic.at>
Date:
Thu, 07 Dec 2006 11:25:56 +0100
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Thunderbird 1.5.0.8 (Windows/20061025)
Subject:
[ietf-provreg] Re: Certificate Validation and Subject Analysis
> I received a question from an IESG member about EPP implementations and > X.509 digital certificate validation. What are implementers doing with > the certificate subject name information when validating the > certification path of a client or server? Is the name being examined > and/or used for authentication or access control purposes? Scott, we're now using two different toolkits - one homegrown (for User-ENUM), and Net::DRI (for upcoming .at registry, plus infrastructure ENUM). Neither of those toolkits currently does anything with the certificates provided be the registry - TLS is hence only used for encryption, not for authentication. that might change in the future, so any guidance about what to do is appreciated. thanks Alex Mayrhofer nic.at