----- Original Message ----- > From: "Jay Ashworth" <j...@baylink.com>
> > Who should implement the normalization logic? Not the SSL library, > > certainly. That sounds like the bailiwick of the resolver library... > > No, in fact, I think this is layer... 3 or 4, not 2; this *should* > be in the SSL library -- *you're not resolving this name*. Or maybe even above that. RFC 5246 seems the currently controlling spec, and neither it nor the Wikipedia article on this: https://en.wikipedia.org/wiki/Transport_Layer_Security actually says *what the client is supposed to do with the Server Certificate* which 7.4.2 says the server will send; appendix D.2 explicitly punts that question "upstairs"... but I'm not sure exactly to where, as I don't know in detail how HTTPS connections are generally set up. I suspect, though, that at this point, it leaves NANOG's domain. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274