"Jeffrey A. Williams" <jwkckid1(_at_)ix(_dot_)netcom(_dot_)com> writes:
> > I object to that limitation. I believe it is important that any
> > solution in this space supports different certificates for different
> > ports/protocols on the same host.
>
> Why not have both? One being a shared cert as acceptable and the
> option of one for each?
>
> > My experience with how protocols are deployed is that it is common for
> > both web (HTTPS) and e-mail (SMTP with STARTTLS) to be hosted on the
> > same domain name but with different certificates.
> > For example, the host "lists.debian.org" is reachable with HTTPS (with a
> > matching certificate) and also through SMTP with STARTTLS (also with a
> > matching certificate). The services are using different certificates!
>
> I see nothing wrong with this and conversely nothing wrong with both
> using a shared cert for each.
Good point -- let me clarify that I believe it should be up to each
administrator to decide whether to use one certificate for multiple
services or use one certificate per service. A standard in this area
should not rule out one alternative. Both alternatives are too common
for that.
/Simon
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf