Hi Frank,
On Jan 23, 2008, at 12:40 AM, Frank Siebenlist wrote:
Hi Gabriel,
Thanks for the feedback!
I believe that the "...matching server-SUFFIX.dom.org" is the same
as what I referred to as our support for "...funky wildcard
matching (http://tinyurl.com/2h33hp)".
Those wild-cards are specified in the server-certs, but you're
mentioning a configuration file for alias/wild-card matching rules
(?).
I'd be hesitant to support additional matching in relying party-
specific matching rules. It would be very GT-specific as the
browsers do not support any of that.
My hope was to mimic as much of the browser functionality as
possible, take "rfc2818 - 3.1. Server Identity" as the blue print,
and leave it at that.
We would basically just allow the server-cert to specify a list of
host-name aliases.
I believe that the pattern hostname*.test.edu, together with the aliases
specified by the server certificates, cover most of the cases.
I was not aware of the latter.
Thank you.
Gabriel
