If the DNS is not present as CN, the certificate simply states that the CA (that I trust) did issue the private key to corresponding to the public key contained within the certificate. And since the private key is needed for signing and decryption, is this not security enough for data transfer?
/Jan On Thu, 2002-01-10 at 15:58, Rich Salz wrote: > Jan Vittrup Hansen wrote: > > > Why should one include the DNS/IP of oneself in a certificate? > > It provides a convenient "hook" for a client to map the server > certificate to the server it is connecting to. The certificate says > "this is the keypair for foo.bar.com". If the DNS is not in the name, > what is the certificate saying? > /r$ > > -- > Zolera Systems, http://www.zolera.com > Information Integrity, XML Security > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
