Alexey Melnikov wrote: > Peter Saint-Andre wrote: > >> On 3/17/10 10:58 PM, ArkanoiD wrote: >> >> >>> Well, when it comes to implementation we get *two* matching >>> algorithms then, >>> which is definitely no good ;-). >> Given that a self-signed certificate can say *anything*, I don't know >> that it's helpful to enforce any rules about issuance and checking of >> self-signed certs. It's not as if any "certification" has taken place in >> this situation. >> >> > +1.
Personally I don't want to endorse the use of self-signed certificates but I fail to see why self-signed certificates should be treated differently regarding name checking. Self-signed certificate are just treated differently regarding path validation (e.g. with a fingerprint transferred out-of-band) but the server name check should be the same. Ciao, Michael. _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
