Re: [TLS] [certid] [secdir] secdir review of draft-saintandre-tls-server-id-check-09

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/23/2010 01:10 PM, Richard L. Barnes wrote:
There is no black magic here, only the magic of the TLS server_name
extension. If the client provides server_name=gmail.com, the server
provides a gmail.com cert, otherwise it defaults to mail.google.com.
 Your browser is following two secure delegations before it lands at
 www.google.com (gmail.com -> mail.google.com -> www.google.com).

I'd not even considered SNI.

My guess based on the anecdotes in the thread is that IE8 doesn't
support it.

Not IE8, but the pre-Vista Windows I was testing it on that doesn't do
extensions by default.

Which is why I'd not considered that gmail would depend on SNI for
its operation. I'd forgotten that this is Google we were talking about and not any other company in the world that would put support for MSIE on Windows XP ahead of protocol standards. :-)

(You should also be more careful about your HTTP emulation! "A client
 MUST include a Host header field in all HTTP/1.1 request messages
.")

Yep, that's why I requested HTTP/1.0.

- Marsh
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]