On 10/13/10 4:20 PM, Martin Rex wrote:
> Peter Saint-Andre wrote:
>>
>> Jeff and I have been thinking about this independently today, and it
>> seems we're going in the same direction. Following Martin Rex's argument
>> to its logical conclusion has led me to believe that wildcards deserve
>> to be NOT RECOMMENDED in a best current practice document.
>
> I'm certainly in favor of NOT RECOMMENDING the use of any wildcards
> to server admins (and to a lesser extent app protocol designers)
> in the security considerations section of the server-id-check
> document.
>
> I'm less inclined about recommending to implementations to
> not implement it at all (which is about utility functions of the
> TLS implementation for use by the application).

After further reflection, I agree with you. I think Jeff is on board
with that, as well. We should be able to publish -10 real soon now.

> Rather than leaving the issue of wildcards as underspecified as
> rfc-2818, I would appreciate a few words of what is commonly
> available in current web browsers and could be implemented with
> minor effort and low complexity.

Proposed text is always welcome.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
