On Sat, Feb 11, 2006 at 01:34:28AM -0700, Kyle Hamilton wrote: > It can be an IP, but I'm not sure about the > encoding rules for it (SMTP requires an IP in the destination field to > be in the form [192.168.1.1] (in square brackets)
This is really the "domain literal" construct in the mailbox grammar of RFC822/821. It is not used alone. [EMAIL PROTECTED] > subjectAltName=dNSName: domain.com > subjectAltName=dNSName: *.domain.com > subjectAltName=dNSName: *.*.domain.com The semantics of "*.*.domain.com" are poorly defined. It is not likely to work uniformly. > The binding isn't done via IP address (as DNS can be spoofed), but > rather by proof of possession of secret key. > Specifically, IP addresses in certificates are only useful, if the client is configured to connect to a specific IP address and intends to verify said address. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]