
Re: Last Call: Discovering LDAP Services with DNS to Proposed Standard



   Date: Fri, 8 Feb 2002 01:19:53 -0700 (MST)
   From: "RL 'Bob' Morgan" <rlmorgan@washington.edu>
[...]
   Regarding the trailing ".", I would say that it is consistent with the
   matching defined in section 3.6 of RFC 2830 to ignore the trailing ".", if
   present, in either the input name or the name extracted from the cert.
   That is, what really should be looked at when matching DNS names is the
   labels, not the separators (is DNS matching specified somewhere?).  I will
   suggest that we clarify this in the revision to RFC 2830 now being worked
   on in ldapbis.

Do any other uses of TLS allow for trailing dots or not?  It seems
easier just to remove the trailing dot in this specification instead
of revising RFC 2830.  Reading 2830, I would expect the server
certificate to contain the trailing dot if the user entered it, and
not contain it if the user didn't.

Couldn't we just modify the paragraph to "the name obtained by doing
the mapping step defined in section 2 with the trailing dot removed" ?

Larry
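
The two positions in this exchange, comparing labels versus comparing the literal string, give different answers for the same name pair. The sketch below is an added example, not part of either message or of any LDAP implementation. The host names are constructed, the function names are hypothetical, and treating "*" as exactly one label is an assumption of the example.

```python
def dns_labels(name):
    """Split a DNS name into lower-cased labels, ignoring one trailing root dot."""
    if name.endswith("."):
        name = name[:-1]
    labels = name.lower().split(".")
    if not name or any(label == "" for label in labels):
        raise ValueError("empty label in DNS name")
    return labels


def match_by_labels(input_name, cert_name):
    """Compare the name the client used with a dNSName taken from the cert.

    Matching is case-insensitive and looks only at labels, so a trailing
    dot on either side is ignored. "*" is honoured only as the whole
    left-most label of the certificate name (assumed here to stand for
    exactly one label). Malformed names never match (fail closed).
    """
    try:
        want = dns_labels(input_name)
        have = dns_labels(cert_name)
    except ValueError:
        return False
    if len(want) != len(have):
        return False
    if have[0] == "*":
        # a bare "*" would otherwise match every single-label name
        return len(have) > 1 and want[1:] == have[1:]
    return want == have


def match_by_string(input_name, cert_name):
    """Literal comparison: here the trailing dot decides the outcome."""
    return input_name.lower() == cert_name.lower()


if __name__ == "__main__":
    # constructed name pairs: (name the client used, name in the certificate)
    pairs = [
        ("ldap.example.com.", "ldap.example.com"),
        ("LDAP.Example.COM", "ldap.example.com."),
        ("ldap.example.com.", "*.example.com"),
        ("example.com.", "*.example.com"),
        ("ldap.example.com..", "ldap.example.com"),
    ]
    for used, cert in pairs:
        print(used, cert, match_by_labels(used, cert), match_by_string(used, cert))
```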