At 10:08 AM -0600 9/13/10, Peter Saint-Andre wrote:
As I see it, this I-D is attempting to capture best current practices
regarding the issuance and checking of certificates containing
application server identities. Do we have evidence that any existing
certification authorities issue certificates containing both an SRVname
for the source domain (e.g., example.com) and dNSName for the target
domain (e.g., apphosting.example.net)? Do we have evidence that any
existing application clients perform such checks? If not, I would
consider such complications to be out of scope for this I-D.
A big +1 here. It is a Good Thing that people are starting to look at the
interaction between SRV and security (it's also happening on the keyassure
list), but it definitely seems like "starting to look at". Please do not
instantiate anything until this has been discussed more widely.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf