Resolver, at least.  On a related note, I'd also expect to send the name
as SNI by default; 8.8.8.8 was not even sending me a certificate unless
I sent SNI (only when using TLS 1.3 though).

When I said verify by name I meant by DNS name, so the certs can be
signed by the existing ACME protocol or whatever.

I also meant verification by DNS (host)name in certificate's CN, signed
by some commonly accepted authority.  I don't know where the
misunderstanding is.

Oh, OK, it sounded like you would ask for SNI for an IP.

Google's servers are inconsistent. When I connect to 8.8.8.8 it's OK with no SNI, but 8.8.4.4 wants an SNI host name, not an IP.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
