
Re: [TLS] Last Call: draft-ietf-tls-rfc4366-bis (Transport Layer Security (TLS) Extensions: Extension Definitions) to Proposed Standard

2009-09-23 15:09:10
At Wed, 23 Sep 2009 15:04:00 -0400 (EDT),
Dean Anderson wrote:

Is that insecure?

If the client is authorized by certificate, then it seems that it has 
that identity in addition to any application level identities.

The only insecurity is if the certificate private key has been
compromised, which isn't something that TLS can protect against.

One problem with using TLS for virtual web hosts is that the server
names cannot match the single name allowed in the certificate.  I don't
want to see that get worse; I'd like to see it get better.

The server_name extension [RFC 4366] allows this.

-Ekr
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf