On Sat, Feb 11, 2006 at 01:34:28AM -0700, Kyle Hamilton wrote:

> It can be an IP, but I'm not sure about the
> encoding rules for it (SMTP requires an IP in the destination field to
> be in the form [192.168.1.1] (in square brackets)

This is really the "domain literal" construct in the mailbox grammar of
RFC822/821. It is not used alone.

[EMAIL PROTECTED]

> subjectAltName=dNSName: domain.com
> subjectAltName=dNSName: *.domain.com
> subjectAltName=dNSName: *.*.domain.com

The semantics of "*.*.domain.com" are poorly defined. It is not likely
to work uniformly.

> The binding isn't done via IP address (as DNS can be spoofed), but
> rather by proof of possession of secret key.
>

Specifically, IP addresses in certificates are only useful if the client
is configured to connect to a specific IP address and intends to verify
said address.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
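
An added illustration of the two points in the reply above; it is not code from the thread or from OpenSSL. It checks the subjectAltName values quoted in the thread under two wildcard policies, showing why "*.*.domain.com" gives different answers in different clients, and shows that an IP entry only matters when the client's reference identity is that IP address. The function names, the two policies and the SAN list layout are assumptions made for the example.

```python
import ipaddress

def match_strict(pattern, host):
    """'*' is honoured only as the entire leftmost label and covers one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if any("*" in label for label in p[1:]):
        return False                      # e.g. "*.*.domain.com" is refused
    if "*" in p[0] and p[0] != "*":
        return False                      # partial-label wildcards refused
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def match_lenient(pattern, host):
    """Every '*' label matches any single label, wherever it appears."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def verify(reference, sans, matcher):
    """Check the identity the client meant to reach against (type, value) SANs.

    An IP reference is compared only with 'IP' entries, a hostname only with
    'DNS' entries; the two kinds are never cross-matched.
    """
    try:
        ref_ip = ipaddress.ip_address(reference)
    except ValueError:
        ref_ip = None                     # reference is a hostname
    for kind, value in sans:
        if ref_ip is not None:
            if kind == "IP" and ipaddress.ip_address(value) == ref_ip:
                return True
        elif kind == "DNS" and matcher(value, reference):
            return True
    return False

# Constructed SAN list: the three dNSName values and the address from the thread.
SANS = [("DNS", "domain.com"), ("DNS", "*.domain.com"),
        ("DNS", "*.*.domain.com"), ("IP", "192.168.1.1")]

if __name__ == "__main__":
    for ref in ("domain.com", "www.domain.com", "a.b.domain.com", "192.168.1.1"):
        print(ref, verify(ref, SANS, match_strict), verify(ref, SANS, match_lenient))
```
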