To: Alexander Mayrhofer <axelm@nic.at>
Cc: ietf-provreg@cafax.se, "Hollenbeck, Scott" <shollenbeck@verisign.com>
From: Francisco Obispo <fobispo@nic.ve>
Date: Thu, 7 Dec 2006 09:41:24 -0400
In-Reply-To: <4577EC34.5010109@nic.at>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] Re: Certificate Validation and Subject Analysis

Hi,

I don't think it would be a good idea to introduce certificate issues to the EPP protocol. It's a transport issue, and it should not be brought to the protocol.

In our case (nic.ve) we are providing VPN tunnels to our EPP clients, as well as IP based ACLs and authentication.

Best regards

_____________________________
Francisco Obispo
Head of Office, NIC-VE
Centro Nacional de Tecnologías de Información

On Dec 7, 2006, at 6:25 AM, Alexander Mayrhofer wrote:

>> I received a question from an IESG member about EPP implementations and
>> X.509 digital certificate validation. What are implementers doing with
>> the certificate subject name information when validating the
>> certification path of a client or server? Is the name being examined
>> and/or used for authentication or access control purposes?
>
> Scott,
>
> we're now using two different toolkits - one homegrown (for User-ENUM), and
> Net::DRI (for upcoming .at registry, plus infrastructure ENUM).
>
> Neither of those toolkits currently does anything with the certificates
> provided by the registry - TLS is hence only used for encryption, not for
> authentication.
>
> That might change in the future, so any guidance about what to do is
> appreciated.
>
> thanks
>
> Alex Mayrhofer
> nic.at
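
An added illustration of the question raised in this thread (not code from any poster, from Net::DRI, or from a registry): one way a server could use the validated certificate subject name for access control, written with Python's standard `ssl` module. The name-to-client table, the sample certificate and the names `server_context`, `subject_names` and `authorize_login` are assumptions made for the example; `clID` is the client identifier carried in the EPP login command.

```python
import ssl

# Constructed sample in the dict shape returned by SSLSocket.getpeercert()
# after a successful chain validation (names are made up).
SAMPLE_PEER_CERT = {
    "subject": ((("organizationName", "Example Registrar"),),
                (("commonName", "epp-client.registrar.example"),)),
    "subjectAltName": (("DNS", "epp-client.registrar.example"),),
}

# Hypothetical access-control table: certificate subject name -> the EPP
# client identifier (<clID>) that may log in over that TLS session.
SUBJECT_TO_CLID = {"epp-client.registrar.example": "registrar-a"}


def server_context(ca_file=None):
    """Server-side context that demands and validates a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED  # default here is CERT_NONE
    if ca_file:  # assumption: CA bundle that issues registrar certificates
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def subject_names(peer_cert):
    """DNS subjectAltName entries, falling back to commonName if none."""
    names = [v for kind, v in peer_cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in peer_cert.get("subject", ()):
            names.extend(v for key, v in rdn if key == "commonName")
    return [n.lower() for n in names]


def authorize_login(peer_cert, login_clid, acl=SUBJECT_TO_CLID):
    """Accept an EPP login only if the validated subject maps to its clID."""
    # getpeercert() gives None (no certificate) or {} (not validated):
    # in both cases there is no authenticated name to check.
    if not peer_cert:
        return False
    return any(acl.get(name) == login_clid for name in subject_names(peer_cert))


if __name__ == "__main__":
    print(authorize_login(SAMPLE_PEER_CERT, "registrar-a"))  # True
    print(authorize_login(SAMPLE_PEER_CERT, "registrar-b"))  # False
```

With `verify_mode` left at its default, the session is still encrypted but the peer's name is never established, which is the "encryption, not authentication" situation described in the quoted message.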