ietf-smtp

Re: SMTP/TLS: Authentication of an SMTP server's identity

2004-05-07 15:22:32

On Fri, May 07, 2004 at 10:58:56AM -0700, Russ Allbery wrote:
> The browser will complain, in the absence of implementation by both the
> server and the client of the new server_name TLS extension, unless that
> web site actually presents a certificate for www.example.com.

I did a setup with a name within my own domain
    tlstest.lamer.de
and a shop run by our company via http-TLS.
    www.spaceshop.de         (sorry, this is not meant as an ad or something!!)

URL: https://tlstest.lamer.de/

Netscape® Navigator 4.7
    Displays the "secure site" Icon and NO WARNING

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031202
    Displays a warning to check if tlstest.space.net and
    www.spaceshop.de are identical and that the cert for
    www.spaceshop.de is correct.

w3m version w3m/0.5
    Bad cert ident www.spaceshop.de from tlstest.lamer.de: accept? (y/n)

Lynx Version 2.8.5dev.16 (01 Jun 2003)
  libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.6b
  Built on linux-gnu Jul 16 2003 16:19:18
    SSL error:host(tlstest.lamer.de)!=cert(www.spaceshop.de)-Continue? (y)

These are the browsers I could get my hands on (galeon is identical to
mozilla in this regard).
It looks like at least one older browser has problems getting it right.

        \Maex

P.S. I'll keep the  tlstest.lamer.de   for a while in case others want
     to test their browsers ;)

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
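
Added example, not part of the original message or of any browser's code: a sketch of the name check the clients above are being tested on, comparing the host in the URL with the DNS names in the presented certificate. The function names, the message format and the wildcard policy (a whole left-most label only, with at least two fixed labels after it) are assumptions of this sketch.

```python
"""Does a name in the presented certificate cover the host the client asked for?"""


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(requested_host: str, cert_name: str) -> bool:
    """Compare one certificate DNS name against the requested host.

    A "*" is honoured only as the complete left-most label and stands for
    exactly one label, so "*.example.com" never covers "a.b.example.com".
    """
    host, pattern = _labels(requested_host), _labels(cert_name)
    if len(host) != len(pattern) or "" in host or "" in pattern:
        return False
    if pattern[0] == "*" and len(pattern) >= 3:
        return host[1:] == pattern[1:]
    return host == pattern


def verify_identity(requested_host: str, cert_names: list[str]) -> tuple[bool, str]:
    """Return (ok, message); a client must stop or warn when ok is False."""
    for cert_name in cert_names:
        if name_matches(requested_host, cert_name):
            return True, f"{requested_host} is covered by {cert_name}"
    presented = ", ".join(cert_names) or "<no names>"
    return False, f"host({requested_host}) != cert({presented})"


if __name__ == "__main__":
    # The case from the message: the URL names one host, the certificate another.
    print(verify_identity("tlstest.lamer.de", ["www.spaceshop.de"]))
    # Constructed control cases.
    print(verify_identity("www.spaceshop.de", ["www.spaceshop.de"]))
    print(verify_identity("WWW.SpaceShop.DE", ["*.spaceshop.de"]))
```

The check must run against the name the user or configuration supplied, not a name learned from the server or from an unauthenticated DNS answer.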