[161083] in North American Network Operators' Group
Re: looking for terminology recommendations concerning non-rooted
daemon@ATHENA.MIT.EDU (Doug Barton)
Mon Feb 25 13:11:30 2013
Date: Mon, 25 Feb 2013 10:10:55 -0800
From: Doug Barton <dougb@dougbarton.us>
To: nanog@nanog.org
In-Reply-To: <20130225174941.GT99258@numachi.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 02/25/2013 09:49 AM, Brian Reichert wrote:
> On Mon, Feb 25, 2013 at 12:18:00PM -0500, Jay Ashworth wrote:
>> If I understood Brian correctly, his problem is that people/programs
>> are trying to retrieve things from, eg:
>>
>> https://my.host.name./this/is/a/path
>>
>> and the SSL library fails the certificate match if the cert doesn't contain
>> the absolute domain name as an altName -- because *the browser* (or whatever)
>> does not normalize before calling the library.
>
> I'd argue that if you have an absolute domain name, then that _is_
> the 'normalized' form of the domain name; it's an unambigious
> representation of the domain name. (Here, I'm treating the string
> as a serialized data structure.)
>
> Choosing to remove the notion of "this is rooted", and then asking
> any (all?) other layers to handle the introduced ambiguity sounds
> like setting yourself up for the issues that RFC 1535 was drawing
> attention to.
Brian,
This may be a silly question, but what's your goal here? Your OP was
about terminology, but the thread has gone down several different
off-topic ratholes.
Doug
