On 11/20/2010 11:46 PM, Peter Saint-Andre wrote:
> On 11/20/10 2:28 PM, Dan Winship wrote:
>> draft-saintandre-tls-server-id-check-11, section 3.2 says:
>>
>>    A certificate for the IMAP-accessible email server at
>>    "mail.example.net" might include SRV-IDs of "_imap.mail.example.net"
>>    and "_imaps.mail.example.net" (see [EMAIL-SRV]) and a DNS-ID of
>>    "mail.example.net".
>>
>> As I understand it, the SRV-ID is based on the source domain, not the
>> derived domain, and so "_imap.mail.example.net" would only be correct if
>> you were expecting clients to do a SRV lookup for
>> "_imap._tcp.mail.example.net". But the more usual case would be doing a
>> lookup for "_imap._tcp.example.net", in which case the corresponding
>> SRV-ID would be "_imap.example.net". Right?
> 
> Why assume so?
> 
> Although my email address is [email protected], my email server is
> "mailhost.stpeter.im" and I have explicitly configured my email client
> to connect to that server. In that case, "mailhost.stpeter.im" is a
> source domain.

Right, but there would be no SRV-IDs involved in that case, because your
email client didn't need to do a SRV lookup.

Maybe I'm misusing the source/derived domain terminology, so forget
about that part...

What I was trying to say is that the example is weird, because it seems
like it's probably talking about the IMAP server that is used by the guy
whose email address is "[email protected]", but actually it's talking
about the IMAP server that is used by "[email protected]".
"[email protected]"'s IMAP server would have to present a SRV-ID of
"_imap.example.net", not "_imap.mail.example.net", regardless of the
hostname of the server it was running on (assuming I'm reading
draft-daboo-srv-email-05 and RFC 4985 right).

Likewise, if you had mail-related SRV records on stpeter.im so that you
could configure your email client by typing in just your email address,
then _imap._tcp.stpeter.im would point to mailhost.stpeter.im, and your
IMAP server would present a certificate with a DNS-ID of
mailhost.stpeter.im and a SRV-ID of _imap.stpeter.im.

-- Dan
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
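
The matching described in the message above, as an added example that is not part of the original thread or of the draft: the client builds its reference identifier from what the user configured (an email address or a host name), never from the host an SRV lookup returns. Function names and the "user@..." addresses are hypothetical placeholders, and only exact, case-insensitive comparison is modelled.

```python
# Added illustration; function names are hypothetical, not from the draft or a library.
# Identifiers are (type, value) pairs; comparison is exact and case-insensitive only.

def _norm(name):
    return name.lower().rstrip(".")

def source_domain(user_input):
    """Domain the user actually configured: the address's domain or the typed host."""
    return _norm(user_input.rsplit("@", 1)[-1])

def srv_query_name(address, service="imap", proto="tcp"):
    """SRV record a client queries when configured with only an email address."""
    return f"_{service}._{proto}.{source_domain(address)}"

def reference_ids(user_input, service="imap"):
    """Identifiers the client expects, built from its input, never from the SRV target."""
    if "@" in user_input:  # address typed: SRV lookup happens, so expect an SRV-ID
        return {("SRV-ID", f"_{service}.{source_domain(user_input)}")}
    return {("DNS-ID", source_domain(user_input))}  # host typed: no SRV lookup

def cert_matches(presented, user_input, service="imap"):
    """True if any presented identifier equals one of the reference identifiers."""
    seen = {(kind, _norm(value)) for kind, value in presented}
    return bool(seen & reference_ids(user_input, service))

# Constructed certificates mirroring the two cases discussed in the message.
STPETER_CERT = [("DNS-ID", "mailhost.stpeter.im"), ("SRV-ID", "_imap.stpeter.im")]
DRAFT_CERT = [("SRV-ID", "_imap.mail.example.net"),
              ("SRV-ID", "_imaps.mail.example.net"),
              ("DNS-ID", "mail.example.net")]

if __name__ == "__main__":
    cases = [(STPETER_CERT, "user@stpeter.im"),      # address only: SRV-ID path
             (STPETER_CERT, "mailhost.stpeter.im"),  # explicit host: DNS-ID path
             (DRAFT_CERT, "user@example.net"),       # no SRV-ID for example.net
             (DRAFT_CERT, "user@mail.example.net")]
    for cert, given in cases:
        print(given, sorted(reference_ids(given)), cert_matches(cert, given))
```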
