Re: authmeth-14 notes
RL 'Bob' Morgan writes:
>On Sun, 6 Mar 2005, Hallvard B Furuseth wrote:
>>> 3.1.6. Server Identity Check
>>> Matching is performed according to these rules:
>> Can someone remind me why this is specified here instead of in [TLS]?
>> It doesn't look LDAP-specific. I can't find the answer in the archive.
> TLS regards this as application-specific, and indeed applications do vary.
> TLS for SMTP says almost nothing about server name checking, for example.
> (...) A generic "Application Protocol Use of TLS" doc might
> include other stuff too like recommending a STARTTLS command instead of
> separate-port, effects of mid-stream TLS state changes on app protocol
> state, insecure cipher suite warnings, etc. I suspect at this point we
> don't want to rip all this stuff out of authmeth, write a new doc, confer
> with other WGs (IMAP, SMTP, BEEP, etc) for agreement, etc. Could well be
> the right approach for the next iteration after this one, though.