On Wednesday, March 12, 2003, at 12:27 AM, Eric Rescorla wrote:
Keith Moore <moore@cs.utk.edu> writes:or at least, proper behavior isn't well-defined. IMHO, about the only behavior that is reasonable (assuming a single cert, which IIRC is what TLS assumes) is to have the peer server offer a cert for the domain name associated with the A record, not the one associated with the MX record.Just to make sur I understand, do you mean that if someone is sending mail to ekr@rtfm.com, and there's an MX for rtfm.com pointing to mail.isp.com, the cert should contain mail.isp.com in the subject name?
yes. because mail.isp.com is the name of a server which might support thousands of MXed domains.
If so, this really isn't satisfactory, because it allows anyone who can tamper with the DNS to intercept mail destined for any server.
I see your point. But I suspect it illustrates a significant limitation of the SSL/TLS protocol - in that SSL/TLS seems to assume that an IP address and port number are used by only one named service. It's been awhile since I looked at the TLS protocol but I don't recall any way for the client to say "prove to me that you are authorized to provide the SMTP service associated with DNS name foo.com". or did I just forget that feature?