From: Patrik Fältström on Tuesday, 22 June 2010 4:54 PM:
> See http://tools.ietf.org/html/draft-faltstrom-uri-04 (i.e. the draft
> has expired a few months ago).

It seems that Section 7 has an old example in it.  Did you previously use NAPTR 
with a "D" flag?

For security considerations, I have one to add.  RFC 3958 (S-NAPTR) has this 
nasty little authentication hitch, that you should really consider in this 
draft.  The reference identifier (see draft-saintandre-tls-server-id-check) 
that you are required to use for authenticating the host is the one that is 
input to the resolution process...not the product of the process.

Basically, if you search for _http._web.example.net and get 
"http://www.example.com/ ", then you are expected to authenticate against 
_http._web.example.net (or maybe example.net, I'm not sure - NAPTR doesn't use 
the '_' prefix).

I'm happy to expand on the problems that I faced with this little security 
tangle.  The problem doesn't end there.

Cheers,
Martin

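The identity-check pitfall described in the message above, worked through as an added example. This is constructed illustration code, not code from the message, from draft-faltstrom-uri or from draft-saintandre-tls-server-id-check. It assumes that the reference identifier for the TLS server identity check is derived from the source domain that was input to the NAPTR resolution (whether that is example.net or the full `_http._web.example.net` form is left open in the message; the code takes the bare source domain and marks that as an assumption), and it uses constructed certificate name lists rather than real certificates.

```python
"""
S-NAPTR identity check: authenticate against the *input* of the resolution,
not its product.

Constructed example. Assumption (labelled): the reference identifier is the
source domain the application started from; the URI returned by the NAPTR
lookup only tells the client where to connect, never whom to trust.
"""
from urllib.parse import urlsplit

# Constructed NAPTR-style resolution: querying the source domain yields a
# URI whose host lives in a different administrative domain.
RESOLUTION = {
    "source_domain": "example.net",
    "query_name": "_http._web.example.net",
    "resolved_uri": "http://www.example.com/",
}


def reference_identifier(resolution: dict) -> str:
    """Reference identifier used for the TLS server identity check.

    Assumption: the source domain (what the user or configuration supplied)
    is the reference identifier. The resolution result is deliberately
    ignored here, which is the point the message makes.
    """
    return resolution["source_domain"].lower().rstrip(".")


def target_host(resolution: dict) -> str:
    """Host the client connects to. This is NOT what it authenticates."""
    return urlsplit(resolution["resolved_uri"]).hostname


def dns_name_matches(presented: str, reference: str) -> bool:
    """Match one presented dNSName against the reference identifier.

    Case-insensitive, trailing dot ignored; a single leftmost wildcard
    label (e.g. *.example.net) may match exactly one label and never a
    bare two-label domain.
    """
    presented = presented.lower().rstrip(".")
    reference = reference.lower().rstrip(".")
    if presented == reference:
        return True
    if presented.startswith("*."):
        wildcard_suffix = presented[2:]
        ref_labels = reference.split(".")
        return len(ref_labels) >= 3 and ".".join(ref_labels[1:]) == wildcard_suffix
    return False


def server_identity_ok(presented_names: list, resolution: dict) -> bool:
    """True if any presented dNSName matches the reference identifier."""
    ref = reference_identifier(resolution)
    return any(dns_name_matches(name, ref) for name in presented_names)


# Constructed certificate name lists (the dNSName SANs a server might present).
CERT_WWW_EXAMPLE_COM = ["www.example.com"]          # what the resolved host has
CERT_EXAMPLE_NET = ["example.net", "www.example.net"]  # what would actually pass


if __name__ == "__main__":
    print("connect to:", target_host(RESOLUTION))
    print("authenticate against:", reference_identifier(RESOLUTION))
    print("resolved host's own cert passes?",
          server_identity_ok(CERT_WWW_EXAMPLE_COM, RESOLUTION))
    print("cert for the source domain passes?",
          server_identity_ok(CERT_EXAMPLE_NET, RESOLUTION))
```

Run stand-alone, the script shows the mismatch in one line each: the client connects to `www.example.com` but must match a certificate for `example.net`, so a server that only holds a certificate for its own resolved name fails the check. Either the operator of `example.net` has to provision that name on the target, or the client needs an authenticated resolution step before it can treat the NAPTR output as trustworthy.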
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
