[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Handling of certificates in Debian

On Mon, Sep 02, 2002 at 10:10:07PM +0200, Richard Braakman wrote:
[on TLS]
> If you're going to tinker with the specification anyway, I would
> suggest one where the client states up front whose certificate it wants.

Such the Server Name Indication mechanism described in:
<http://www.ietf.org/internet-drafts/draft-ietf-tls-extensions-05.txt>

Or, using a "TLS upgrade" procedure as in RFC2817 where the server name
can be specified in a Host: header before the TLS handshake is started.
For other protocols, e.g. IMAP and SMTP, the STARTTLS method is used to
do something similar.

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
Reply to: