Re: [certid] Review of draft-saintandre-tls-server-id-check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 10:08 AM -0600 9/13/10, Peter Saint-Andre wrote:
>As I see it, this I-D is attempting to capture best current practices
>regarding the issuance and checking of certificates containing
>application server identities. Do we have evidence that any existing
>certification authorities issue certificates containing both an SRVname
>for the source domain (e.g., example.com) and dNSName for the target
>domain (e.g., apphosting.example.net)? Do we have evidence that any
>existing application clients perform such checks? If not, I would
>consider such complications to be out of scope for this I-D.

A big +1 here. It is a Good Thing that people are starting to look at the interaction between SRV and security (it's also happening on the keyassure list), but it definitely seems like "starting to look at". Please do not instantiate anything until this has been discussed more widely.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]