To: "Frederico A C Neves" <fneves@registro.br>, <ietf-provreg@cafax.se>
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Date: Wed, 19 Aug 2009 11:28:36 -0400
Content-class: urn:content-classes:message
In-Reply-To: <20090819145905.GN23252@registro.br>
Sender: owner-ietf-provreg@cafax.se
Thread-Index: Acog4UbFGHxt3d/bSJSYyxFWsin2GQAAFT3Q
Thread-Topic: [ietf-provreg] EPP Server Implementer Help Needed
Subject: RE: [ietf-provreg] EPP Server Implementer Help Needed

Great - thanks! Can you tell me how you would want to see your server
implementation identified in the implementation report?

-Scott-

> -----Original Message-----
> From: owner-ietf-provreg@cafax.se
> [mailto:owner-ietf-provreg@cafax.se] On Behalf Of Frederico A C Neves
> Sent: Wednesday, August 19, 2009 10:59 AM
> To: ietf-provreg@cafax.se
> Subject: Re: [ietf-provreg] EPP Server Implementer Help Needed
>
> Scott,
>
> On Tue, Aug 18, 2009 at 07:16:48AM -0400, Hollenbeck, Scott wrote:
> > I still need info from one server implementer that is willing to be
> > included in an implementation report and confirm that they have
> > implemented the TLS client identification features described in
> > section 9 of 4934bis. Specifically:
> >
> > 1. TLS implementations are REQUIRED to support the mandatory cipher
> > suite specified in the implemented version:
> >
> > 2. Mutual client and server authentication using the TLS Handshake
> > Protocol is REQUIRED.
> >
> > 3. Signatures on the complete certification path for both client
> > machine and server machine MUST be validated as part of the TLS
> > handshake.
> >
> > 4. Information included in the client and server certificates, such as
> > validity periods and machine names, MUST also be validated.
> >
> > 5. EPP service MUST NOT be granted until successful completion of a
> > TLS handshake and certificate validation
> >
> > Most of these come for free with a good TLS toolkit. Are there any
> > server implementers willing to confirm that they've implemented these
> > features? I've already confirmed that VeriSign has implemented these
> > features.
>
> I could confirm that our server does implement all these features.
>
> On the client side I could confirm several production clients. Some
> using our own client, private implementations and at least two clients
> using VeriSign NameStore and Key-Systems.
>
> Our own client software does almost all checks except the validation
> of the server name and the CN on the server certificate. Next release
> will include this small patch.
>
> > -Scott-
>
> Fred
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> List run by majordomo software. For (Un-)subscription and
> similar details send "help" to ietf-provreg-request@cafax.se
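
Items 2 to 5 of the quoted list, seen from the server side, as an added example that is not part of the original thread or of any implementation mentioned in it. It uses Python's standard `ssl` module; the function names, the allow-list of provisioned client machine names and the sample certificate are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

def make_server_context(certfile=None, keyfile=None, client_ca=None):
    """Server-side TLS context that fails the handshake without a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # items 2 and 3: mutual auth, path validated
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)        # server identity
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)   # trust anchor for client certs
    return ctx

def peer_names(cert):
    """dNSName SAN entries, falling back to the subject CN when there are none."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return [n.lower() for n in names]

def authorize_client(cert, allowed_names, now=None):
    """Item 4 and 5: return the matched machine name or raise PermissionError.

    `cert` is the dict from SSLSocket.getpeercert() after the handshake;
    `allowed_names` is a set of lowercase names provisioned for the client.
    """
    if not cert:
        raise PermissionError("no validated client certificate")
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    # The TLS library checks validity during the handshake; it is re-checked
    # here so the rule is explicit at the point where service is granted.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        raise PermissionError("certificate outside its validity period")
    for name in peer_names(cert):
        if name in allowed_names:
            return name
    raise PermissionError("certificate name is not a provisioned client")

# Constructed sample, shaped like getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "epp-client.registrar.example"),),),
    "subjectAltName": (("DNS", "epp-client.registrar.example"),),
    "notBefore": "Jan 01 00:00:00 2009 GMT",
    "notAfter": "Dec 31 23:59:59 2009 GMT",
}
```

The server would call `authorize_client(conn.getpeercert(), allowed)` immediately after accepting the TLS connection and before sending the EPP greeting, closing the connection on `PermissionError`.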