On Wed, 2006-03-22 at 05:21 +1100, Darren Reed wrote: > > On Tue, 2006-03-21 at 18:00 +0800, Miao Fuyou wrote: > > > > So we either leave the SSL certificate binding undefined for the > > operators to decide, or we need to clarify how certificate is to be > > validated. > > How much of this is an operational matter that varies from site to site > with local policies on such things ?
Honestly I don't know. HTTPS gives you a certificate model on the server side as well. (e.g. use server name in subjectAltName or in CN) I would say that the basic model is mandated by the protocol, with overrides in the operator's hand (e.g. the "Yes, I want to continue" button in the browser, in the case of HTTPS). -- Bazsi _______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
