On Sun, Nov 21, 2021 at 04:06:35PM +0000, Salz, Rich wrote:
> I find Viktor's description of the asymmetry between clients and servers to
> be spot-on.
>
> John, could you craft a sample sentence you'd like to see? Something
> like this as a new sentence at the end of the second paragraph of the
> "In Scope" section:
>
> In cases where both parties are part of the same administrative
> domain, it MAY be acceptable to have the server enforce the same
> naming requirements on the connecting client.
>

If John's point was that an agent that acts sometimes as a client and sometimes as a server may use the same certificate and key for both roles, and so the server rules then apply, that's fine I think. I don't recall any "cross-role" attacks that compromise a TLS server by a separate attack on its activity as a TLS client.

--
Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta