>>>>> "Luke" == Luke Howard <[email protected]> writes:
Luke> In the case of hostname (or more generally, SPN) aliases, then
Luke> the initiator will fail if the acceptor returns its canonical
Luke> service principal name, because it has no way of validating
Luke> one against the other (a simple comparison may fail and the
Luke> canonicalisation logic belongs on the server side).

Right.

That's why the initiator is recommended to send its preferred name in
the initial state.

Actually, perhaps a better implementation strategy is for the acceptor
to look at what the initiator sends, see if it likes that, and if so,
return exactly that name in extensions state.

If the acceptor doesn't have a good handle on its own aliases, it's
probably better that it not return a response in extensions state (it
has that option).
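
The acceptor strategy discussed in this message, shown as an added example that is not part of the original post or of any GSS-EAP implementation. The service names, function names, the handling of a name the acceptor does not recognise, and the initiator proceeding when no name is returned are all assumptions made for illustration.

```python
from typing import Optional

# Constructed sample data: the acceptor's canonical SPN and the aliases it knows.
CANONICAL = "host/server01.example.com"
KNOWN_ALIASES = {CANONICAL, "host/www.example.com", "host/files.example.com"}


def acceptor_reply_canonical(initiator_name: Optional[str]) -> Optional[str]:
    """Problem case from the thread: always answer with the canonical SPN."""
    return CANONICAL


def acceptor_reply_echo(initiator_name: Optional[str],
                        knows_aliases: bool = True) -> Optional[str]:
    """Suggested strategy: return exactly the name the initiator sent, if acceptable.

    None means "send no name in extensions state".
    """
    if not knows_aliases or initiator_name is None:
        return None  # no good handle on its own aliases: stay silent
    if initiator_name in KNOWN_ALIASES:
        return initiator_name  # echoed verbatim, so a plain comparison succeeds
    return None  # assumption: an unrecognised name also gets no response


def initiator_accepts(sent: str, returned: Optional[str]) -> bool:
    """The initiator has no alias knowledge, so it can only compare exactly."""
    if returned is None:
        return True  # assumption: nothing returned means nothing to compare
    return returned == sent


if __name__ == "__main__":
    alias = "host/www.example.com"
    print("canonical reply accepted:",
          initiator_accepts(alias, acceptor_reply_canonical(alias)))
    print("echoed reply accepted:   ",
          initiator_accepts(alias, acceptor_reply_echo(alias)))
    print("no reply accepted:       ",
          initiator_accepts(alias, acceptor_reply_echo(alias, knows_aliases=False)))
```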