On Tue, 2007-04-24 at 09:42 +0200, Eliot Lear wrote:
> Miao,
> In addition, you have another problem in the text:
>
> > If the client is configured with IP address
> > of the server, the hostname should be got first through a trusted
> > mechanism such as a preconfigured hosts table or DNSSEC [8].
>
> It is often the case that a reverse map does not match a forward map.
> For example, often times a service provider might allocate IP address
> space and route that space to a customer but not delegate the reverse
> mapping. This is particularly true in consumer environments. I would
> suggest that if the client is configured with an IP address, that it is
> what should be present in the certificate, as the name has no meaning at
> all to the client.

And the IP address can also be added to the X.509 certificate in the
subjectAltName extension.

--
Bazsi
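
The check discussed in this thread, as an added example that is not part of the original messages or of the syslog draft: a client configured with an IP address compares it only against iPAddress entries in subjectAltName and never performs a reverse lookup. The function name and the sample certificates are assumptions; the certificate dicts are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and wildcard names are deliberately not handled.

```python
import ipaddress

def configured_identity_matches(configured, peercert):
    """Return True if the identity the client was configured with appears in
    the certificate's subjectAltName, compared by type (IP vs. DNS name).

    `configured` is the string from the client's configuration.
    `peercert` is a dict shaped like ssl.SSLSocket.getpeercert() output.
    """
    sans = peercert.get("subjectAltName", ())
    try:
        want_ip = ipaddress.ip_address(configured)
    except ValueError:
        want_ip = None  # not an IP literal, treat as a hostname

    if want_ip is not None:
        # Configured with an IP address: only iPAddress entries count.
        # dNSName entries are ignored and no reverse DNS lookup is done,
        # because the reverse map may not match the forward map.
        for kind, value in sans:
            if kind != "IP Address":
                continue
            try:
                if ipaddress.ip_address(value) == want_ip:
                    return True
            except ValueError:
                continue  # malformed entry, skip it
        return False

    # Configured with a hostname: exact, case-insensitive dNSName match
    # (simplification: no wildcard support).
    want = configured.rstrip(".").lower()
    return any(kind == "DNS" and value.rstrip(".").lower() == want
               for kind, value in sans)

# Constructed sample certificates (documentation address ranges).
CERT_WITH_IP = {"subjectAltName": (("DNS", "syslog.example.net"),
                                   ("IP Address", "192.0.2.10"),
                                   ("IP Address", "2001:db8::10"))}
CERT_NAME_ONLY = {"subjectAltName": (("DNS", "syslog.example.net"),)}
CERT_IP_AS_DNS = {"subjectAltName": (("DNS", "192.0.2.10"),)}

if __name__ == "__main__":
    for cert in (CERT_WITH_IP, CERT_NAME_ONLY, CERT_IP_AS_DNS):
        print(configured_identity_matches("192.0.2.10", cert))
```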