Perhaps it would be useful if Chris could walk through the example he gave in more detail.
My point is that if the client is configured to connect to "pop.example.com" that has to be in the certificate, regardless of how many SRV records there are. -Ekr On Fri, Oct 27, 2017 at 7:16 AM, Keith Moore <[email protected]> wrote: > > > On Oct 27, 2017, at 7:48 AM, Eric Rescorla <[email protected]> wrote: > > > > The entire principle here is that (absent DNSSEC) TLS operates on what > was fed into the client. > > Could you elaborate a bit? I feel like I'm missing some context. > > Thanks, > > Keith > >
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
