On 11/20/10 2:28 PM, Dan Winship wrote:
> draft-saintandre-tls-server-id-check-11, section 3.2 says:
>
>    A certificate for the IMAP-accessible email server at
>    "mail.example.net" might include SRV-IDs of "_imap.mail.example.net"
>    and "_imaps.mail.example.net" (see [EMAIL-SRV]) and a DNS-ID of
>    "mail.example.net".
>
> As I understand it, the SRV-ID is based on the source domain, not the
> derived domain, and so "_imap.mail.example.net" would only be correct if
> you were expecting clients to do a SRV lookup for
> "_imap._tcp.mail.example.net". But the more usual case would be doing a
> lookup for "_imap._tcp.example.net", in which case the corresponding
> SRV-ID would be "_imap.example.net". Right?

Why assume so? Although my email address is [email protected], my email server is "mailhost.stpeter.im" and I have explicitly configured my email client to connect to that server. In that case, "mailhost.stpeter.im" is a source domain. Similarly, XMPP clients might be explicitly configured to look up im.example.com, not example.com. Why does this I-D need to legislate the DNS domain names at which services are located?

> So the example should say something like
>
>    A certificate for the IMAP-accessible email server at
>    "mail.example.net", which is pointed to by the SRV records
>    "_imap._tcp.example.net" and "_imaps._tcp.example.net", might
>    include SRV-IDs of "_imap.example.net" and "_imaps.example.net"
>    (see [EMAIL-SRV]) and a DNS-ID of "mail.example.net".
>
> Likewise for the XMPP example that follows it, and the corresponding
> examples in 4.2.2.

If folks would find that less confusing, we could change the examples.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
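
Added example (not part of the original message or of the draft): a small Python sketch of the point under discussion, that a client's reference SRV-ID is built from the service type and the source domain it was configured with, never from the host an SRV record points to. The function names, the case-insensitive exact comparison and the two certificate identifier lists are assumptions constructed from the examples quoted above; only SRV-IDs are checked.

```python
def srv_id_for_query(srv_qname: str) -> str:
    """Map an SRV query name (_service._proto.domain) to the SRV-ID
    (_service.domain) for the same service at the same source domain."""
    labels = srv_qname.rstrip(".").lower().split(".")
    if (len(labels) < 3 or not labels[0].startswith("_")
            or not labels[1].startswith("_")):
        raise ValueError(f"not an SRV query name: {srv_qname!r}")
    # Drop the protocol label (_tcp/_udp); keep service label and domain.
    return ".".join([labels[0]] + labels[2:])


def reference_srv_id(service: str, source_domain: str) -> str:
    """Reference identifier the client builds from its own configuration."""
    return f"_{service}.{source_domain.rstrip('.')}".lower()


def srv_id_matches(presented_srv_ids, service: str, source_domain: str) -> bool:
    """True if any SRV-ID presented in the certificate equals the reference.
    Assumption: comparison is a case-insensitive exact string match."""
    ref = reference_srv_id(service, source_domain)
    return any(p.rstrip(".").lower() == ref for p in presented_srv_ids)


# Constructed identifier sets, taken from the two wordings quoted in the thread.
CERTS = {
    "draft-11 wording": ["_imap.mail.example.net", "_imaps.mail.example.net"],
    "proposed wording": ["_imap.example.net", "_imaps.example.net"],
}
# The two client configurations discussed: SRV lookup from the mail domain,
# and a client explicitly configured with the server's host name.
SOURCE_DOMAINS = ["example.net", "mail.example.net"]


def compare(service: str = "imap") -> dict:
    """Match every certificate against every client configuration."""
    return {
        (name, src): srv_id_matches(ids, service, src)
        for name, ids in CERTS.items()
        for src in SOURCE_DOMAINS
    }


if __name__ == "__main__":
    print(srv_id_for_query("_imap._tcp.example.net"))
    for (name, src), ok in compare().items():
        print(f"{name:18} source={src:18} SRV-ID match: {ok}")
```

Each wording matches exactly one of the two client configurations, which is why the choice of example depends on what the client treats as its source domain.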
