Re: Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard
2010-06-23 13:53:03On 23 jun 2010, at 16.33, Richard L. Barnes wrote:
In principle, example.com is the proper domain to authenticate, but in practice, that causes a lot of problems. Consider the case where the target of the redirection is a separate entity from the origin; this could arise, for example, in a situation whereexample.com has outsourced its calendaring services to calendardserverfoobar.com.
So, the "connect the dots" is to: - Announce the fact example.com is hosted at calendarserverfoobar.com (with some URL) in DNS - Secure that announcement in DNS with DNSSEC - Verify the SSL (for example) cert for the connection to calendarserverfoobar.com matches - Do application layer authentication etc over the then encrypted connection Sounds ok? Patrik
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Ietf mailing list Ietf(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/ietf
| Previous by Date: | Re: motivations (was: Re: draft-housley-two-maturity-levels-00), Eliot Lear |
|---|---|
| Next by Date: | Re: Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard, Richard L. Barnes |
| Previous by Thread: | Re: Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard, Richard L. Barnes |
| Next by Thread: | Re: Last Call: draft-daboo-srv-caldav (Use of SRV records for locating CalDAV and CardDAV services) to Proposed Standard, Richard L. Barnes |
| Indexes: | [Date] [Thread] [Top] [All Lists] |