EDIT: And of course, RFC 5280 describes the process of correct hostname validation, too.
Hi,

>> We seem to be woefully short on advice dealing with hostname
>> validation. This is probably the real world problem that most often
>> trips people up, in part because OpenSSL versions prior to 0.9.8 don't
>> do it, and many TLS libraries have poor interfaces for it.
>
> I would appreciate proposed text about hostname validation. I suspect
> this simply amounts to "please implement the RFC correctly", but if
> there's something better we can say, let's do it.

IIRC the current Baseline Requirements by the CA/B Forum have such a
definition. It amounts to putting the domain/host name in the Subject
Alternative Name, with wildcarding defined.

I can put together some text, if you want?

Ralph

--
Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
Phone +49.89.289.18043
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
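An added example, not part of the original message: a sketch of matching a reference hostname against a certificate's Subject Alternative Name dNSName entries with wildcard handling. The function names, the sample SAN list and the wildcard policy (whole leftmost label only, at least two labels to its right, no Common Name fallback) are assumptions of this example and are not quoted from the Baseline Requirements or any RFC text.

```python
import ipaddress

def _labels(name):
    # DNS names compare case-insensitively; drop one trailing root dot.
    name = name.lower()
    return (name[:-1] if name.endswith(".") else name).split(".")

def dns_name_matches(pattern, hostname):
    """Return True if one SAN dNSName entry matches the reference hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h or len(p) != len(h):
        return False  # empty labels, or a wildcard trying to span labels
    if any("*" in label for label in p[1:]):
        return False  # wildcard anywhere but the leftmost label
    if p[0] == "*":
        # Assumed policy: require two labels to the right, so "*.com" fails.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "w*" are refused
    return p == h

def hostname_in_san(san_dns_names, hostname):
    """Check a hostname against the certificate's SAN dNSName list only."""
    try:
        ipaddress.ip_address(hostname)
        return False  # IP literals belong to iPAddress SANs, not dNSName
    except ValueError:
        pass
    if "*" in hostname:
        return False  # a reference identity is never itself a pattern
    return any(dns_name_matches(n, hostname) for n in san_dns_names)

# Constructed SAN list for illustration.
SAN = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for host in ["www.example.com", "a.b.example.com", "example.org", "192.0.2.1"]:
        print(host, hostname_in_san(SAN, host))
```

In production code the platform's own verifier (for example Python's `ssl.create_default_context()`, which enables hostname checking by default) should do this work; the sketch only shows which cases a correct matcher has to reject.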
