nanog mailing list archives
Re: Massive change in Public Cert behaviour coming soon
From: Grant Taylor via NANOG <nanog () lists nanog org>
Date: Sun, 18 May 2025 12:07:58 -0500
On 5/18/25 10:26 AM, William Herrin via NANOG wrote:
> I'm unclear what distinction you're drawing between "identify" and "authenticate." "I am who I say I am," is the sum total of authentication. Everything beyond that gets into authorization.

+1

> Which now that I think about it sounds a lot like there's a layer violation in giving TLS certificates a "for this purpose" tag at all. I knew there was a reason I didn't like it but I was having trouble putting my finger on it.

I don't think it's a layering violation. Mutual TLS authenticates each party to the other. Then each party is free to do whatever they want with that authenticated identity.

The TLS itself has nothing to do with what is done with the authenticated identity information.

-- Grant. . . .
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/HJI3QL7CSNG5DTSRTAKWNH2QS72ZGEZL/
