On Wed, 12 Mar 2003 09:09:09 -0600
"Matt Crawford" <crawdad(_at_)fnal(_dot_)gov> wrote:
I see your point. But I suspect it illustrates a significant
limitation of the SSL/TLS protocol - in that SSL/TLS seems to assume
that an IP address and port number are used by only one named
service. It's been a while since I looked at the TLS protocol but I
don't recall any way for the client to say "prove to me that you are
authorized to provide the SMTP service associated with DNS name
foo.com". Or did I just forget that feature?

There's no reason a protocol can't be spec'd to let the client convey
the name of the resource before the TLS handshake begins.

no, there isn't. but it still wouldn't give the client a way to verify
that the server is authoritative for that domain.
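The check a TLS client actually can make, once it has conveyed a name, is that the server's certificate names the host it asked for; whether that host is authorised to provide a given service (SMTP for foo.com, say) is a separate question that this check does not answer. The following is an added example, not code from the thread or its authors: a hostname-matching routine in the style of RFC 6125 (case-insensitive, wildcard only as the whole leftmost label) run over constructed certificate dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The certificate contents are made up for illustration.

```python
"""Certificate hostname matching as a TLS client performs it.

Added example for the discussion above; the certificates below are
constructed samples in the shape returned by getpeercert(), not data
from the thread.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one certificate DNS name against a requested host.

    Rules applied: case-insensitive, trailing dots ignored, label counts must
    be equal, and a wildcard is only accepted as the entire leftmost label of
    a name with at least two further labels ("*.example.net" but not "*.com"
    or "f*.example.com"). A wildcard matches exactly one label, so
    "*.example.net" matches "a.example.net" but not "example.net" or
    "a.b.example.net".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in pattern:
        # Wildcard must be the whole first label and appear nowhere else.
        if p_labels[0] != "*" or "*" in pattern[2:] or len(p_labels) < 3:
            return False
    for p, h in zip(p_labels, h_labels):
        if p != "*" and p != h:
            return False
    return True


def cert_names(cert: dict) -> list:
    """Collect the DNS names a certificate is valid for.

    subjectAltName dNSName entries are authoritative; the subject commonName
    is consulted only when the certificate carries no SAN DNS names at all.
    """
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def cert_authoritative_for(cert: dict, requested_host: str) -> bool:
    """True if the certificate names the host the client requested.

    This is the whole of what name verification proves: identity of the host.
    It says nothing about whether that host is the right one for a particular
    service on the domain, which is the gap the thread above points at.
    """
    return any(dns_name_matches(name, requested_host) for name in cert_names(cert))


# Constructed sample certificates (not real hosts or real certificates).
SAN_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.example.net")),
}
CN_ONLY_CERT = {
    "subject": ((("commonName", "smtp.foo.com"),),),
}


if __name__ == "__main__":
    for host in ("mail.example.com", "MAIL.example.com.", "a.example.net",
                 "example.net", "a.b.example.net", "foo.com"):
        print(f"{host:20s} -> {cert_authoritative_for(SAN_CERT, host)}")
```

In a live connection the requested name is what the client passes as `server_hostname=` when wrapping the socket, and Python's `ssl` module performs an equivalent check itself when `check_hostname` is enabled on the context; the routine above is written out so the matching rules are visible.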