Rainer Gerhards wrote:
> So we require an application to support certificates to identify the
> remote peer, go to great lengths to prevent anonymous peers ... and
> then we introduce anon peers by allowing wildcards inside the
> certificate? Well... if that's really our intention, I'll no longer
> object to it. I just wonder why we don't simply allow plain anon peers
> as was suggested by others and me several times...

Wildcards in certificates aren't anonymous peers; they're a shorthand for specifying that the subject of the certificate is the valid "owner" of (large set of) multiple different names.

Plain anonymous peers are allowed by the specification, but the text about them is in a different subsection than we're discussing now.

Best regards,
Pasi
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
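
Added example, not part of the original message or of the specification text: a sketch of the distinction drawn above, where a wildcard name still binds the peer to one domain while anonymous mode performs no identity check. The function names, the `allow_anonymous` switch and the matching rule (wildcard only as the whole left-most DNS label) are assumptions made for illustration.

```python
# Added illustration. The matching rule used here (wildcard accepted only
# as the complete left-most DNS label) is an assumption, not thread text.

def name_matches(pattern: str, peer: str) -> bool:
    """Compare one certificate name, possibly a wildcard, to a peer name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = peer.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # The wildcard stands for exactly one label, and a real domain
        # (at least two labels) must follow it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected
    return p_labels == h_labels


def peer_authorized(cert_names, expected_name, allow_anonymous=False):
    """Decide whether a certificate's names cover the expected peer name."""
    if allow_anonymous:
        return True  # anonymous mode: any peer is accepted unchecked
    return any(name_matches(n, expected_name) for n in cert_names)


if __name__ == "__main__":
    cert = ["*.example.com"]  # constructed sample certificate name
    for host in ("log1.example.com", "example.com",
                 "a.b.example.com", "log1.example.org"):
        print(host, peer_authorized(cert, host))
```
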
