Re: Any interest in rigorous definition for SSL certificate ver

ietf-smtp

Re: Any interest in rigorous definition for SSL certificate verification in SMTP?

2011-11-15 21:19:28


Robert A. Rosenberg wrote:

Why not use a Certificate with CN=*.*.s8??.psmtp.com (or whatever isneeded to map the s8XX section) to solve this issue? - or is more thanone wild card level invalid or having more than one certificate withdifferent specificity levels also invalid?


First thing I thought of. :-)

Alas, RFC 6125 explicitly disallows multiple wildcard characters.

I want to read through the archives for the WG that published RFC 6125so I understand their reasoning better; although they reference RFC4954, I'm still wondering if the WG had any input from anyone in theSMTP space. As Tony noted, matching at a single level is incompatiblewith DNS's own wildcard semantics. And the document's writing style andvoice feels much more like a BCP, not a standards track protocolspecification.


<csg>

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, (continued) Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Dave CROCKER Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, SM Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Dave CROCKER Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst SMTP TLS and CN Domain Matching, Hector Santos Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Robert A. Rosenberg Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst <= Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Tony Finch Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Tony Finch Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Mark Andrews Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Tony Finch Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Hector Santos

Previous by Date:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Robert A. Rosenberg
Next by Date:	FW: I-D Action: draft-kucherawy-received-state-00.txt, Murray S. Kucherawy
Previous by Thread:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Robert A. Rosenberg
Next by Thread:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov
Indexes:	[Date] [Thread] [Top] [All Lists]