To:
ietf-provreg@cafax.se
From:
Frederico A C Neves <fneves@registro.br>
Date:
Wed, 19 Aug 2009 11:59:05 -0300
Content-Disposition:
inline
In-Reply-To:
<046F43A8D79C794FA4733814869CDF0702C727DD@dul1wnexmb01.vcorp.ad.vrsn.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] EPP Server Implementer Help Needed
Scott, On Tue, Aug 18, 2009 at 07:16:48AM -0400, Hollenbeck, Scott wrote: > I still need info from one server implementer that is willing to be > included in an implementation report and confirm that they have > implemented the TLS client identification features described in section > 9 of 4934bis. Specifically: > > 1. TLS implementations are REQUIRED to support the mandatory cipher > suite specified in the implemented version: > > 2. Mutual client and server authentication using the TLS Handshake > Protocol is REQUIRED. > > 3. Signatures on the complete certification path for both client machine > and server machine MUST be validated as part of the TLS handshake. > > 4. Information included in the client and server certificates, such as > validity periods and machine names, MUST also be validated. > > 5. EPP service MUST NOT be granted until successful completion of a TLS > handshake and certificate validation > > Most of these come for free with a good TLS toolkit. Are there any > server implementers willing to confirm that they've implemented these > features? I've already confirmed that VeriSign has implemented these > features. I could confirm that our server does implement all these features. On the client side I could confirm several production clients. Some using our own client, private implementations and at least two client using Verising NameStore and Key-Systems. Our own client software does almost all checks except the validation of the server name and the CN on the server certificate. Next release will include this small patch. > -Scott- Fred -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- List run by majordomo software. For (Un-)subscription and similar details send "help" to ietf-provreg-request@cafax.se