Replying to myself, and apologies to those who got my first, mangled attempt at this,
I have just read draft-ietf-netconf-tls-02.txt which covers an almost identical territory to transport-tls but with server and client roles reversed; well worth a read.

Where we used to refer to RFC2818, it refers to RFC4642 (which itself considers relays). It has a reference to RFC5280 and specifies section 6 for certificate paths. It does not consider fingerprinting. It does not consider alternatives to hostname.

<rant> As I have said before, I see a crying need for a generic 'application over ...' I-D for others - like me - to draw on and reference, lest we keep inventing our (less than round?) wheels. </rant>

Tom Petch
