On Wednesday, March 12, 2003, at 12:27 AM, Eric Rescorla wrote:
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
or at least, proper behavior isn't well-defined. IMHO, about the only
behavior that is reasonable (assuming a single cert, which IIRC is
what TLS assumes) is to have the peer server offer a cert for the
domain name associated with the A record, not the one associated with
the MX record.
Just to make sur I understand, do you mean that if someone is sending
mail to ekr(_at_)rtfm(_dot_)com, and there's an MX for rtfm.com pointing to
mail.isp.com, the cert should contain mail.isp.com in the subject
name?
yes. because mail.isp.com is the name of a server which might support
thousands of MXed domains.
If so, this really isn't satisfactory, because it allows
anyone who can tamper with the DNS to intercept mail
destined for any server.
I see your point. But I suspect it illustrates a significant
limitation of the SSL/TLS protocol - in that SSL/TLS seems to assume
that an IP address and port number are used by only one named service.
It's been awhile since I looked at the TLS protocol but I don't recall
any way for the client to say "prove to me that you are authorized to
provide the SMTP service associated with DNS name foo.com". or did I
just forget that feature?