tom petch wrote: > >> <ynir.ietf@xxxxxxxxx> wrote: >> >>> tom petch <daedulus@xxxxxxxxxxxxx> wrote: >>> >>> Running on a backup computer, I get a certificate mismatch message when I >>> try to access the datatracker using the link from the IESG page and a >>> warning that I really should not proceed to this dangerous website. >>> >>> Indeed, the website is datatracker.ietf.org and the certificate >>> *.iab.org >>> >>> Has something changed, or is this just a configuration quirk (Internet >>> Explorer) on my backup system? >> >> Is your Internet Explorer old enough to not send SNI? >> >> Which, according to Wikipedia, is equivalent to asking if your backup >> computer is running XP. > > Spot on. I know SNI well but had not realised that it was lacking from the > tried and tested, trusty XP (which makes it a good choice for a backup > system:-). For the IETF web sites in question, this explanation is a pretty lame excuse for the server-side failure to present a reasonable server certificate. It's not like the IAB and the datatracker are from completely seperate competing secretive organtizations that the current setup would be a vital requirement. The obvious correct fix would be to obtain one single proper server certificate that lists the all the necessary hostnames as "SubjectAltNames" of type dnsName (see rfc2818 Section 3), and then interop would just work, even for stuff that isn't (heart)bleeding edge technology. At least in the past, interoperability was considered important in the IETF. -Martin