Toerless Eckert <[email protected]> wrote:
> Let's maybe finalize next Tuesday during our meeting.
> In general I think that whenever a TLS initiator did learn the TLS
> responder through a URL with a domain name, then it needs to insert the
> domain name as the SNI "server_name".
> If that's not an unwritten rule, then I'd like to understand why not.

I think it is. I'm not objecting to that.
As you said, sometimes old/rusty TLS libraries don't do this.
But, the manufacturer knows that, and this can build their MASA based upon
SNI (or not) assumption, and it's fine.
But, for BRSKI-EST link, we can assume enough modern TLS to allow for SNI
based virtual hosting.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
