On Sat, Aug 16, 2014 at 2:51 AM, Yaron Sheffer <[email protected]> wrote:

> Hi Watson,
>
>
> On 08/06/2014 06:53 AM, Watson Ladd wrote:
>
>> Dear all,
>>
>> We seem to be woefully short on advice dealing with hostname
>> validation. This is probably the real world problem that most often
>> trips people up, in part because OpenSSL versions prior to 0.9.8 don't
>> do it, and many TLS libraries have poor interfaces for it.
>>
>
> I would appreciate proposed text about hostname validation. I suspect this
> simply amounts to "please implement the RFC correctly", but if there's
> something better we can say, let's do it.


Rather than "please implement the RFC correctly", I'd say "please test that
your implementation correctly implements hostname verification, using
dnschef or another spoofer." I have an example here:
http://tersesystems.com/2014/03/31/testing-hostname-verification/

Will.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
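
Added example, not part of the thread or of any library: a set of constructed test vectors that a hostname verifier should pass, including the case a DNS spoofer produces (a certificate issued for a different name than the one the client asked for). The functions matches_dns_id, verify_hostname and failures are hypothetical names; the matching rules assumed here are the DNS-ID rules of RFC 6125 section 6.4, restricted to whole-label wildcards in the left-most position.

```python
import ipaddress

def matches_dns_id(presented, reference):
    """Compare one certificate dNSName with the name the client asked for."""
    p = presented.lower().split(".")
    r = reference.lower().split(".")
    if len(p) != len(r) or "" in p or "" in r:
        return False                      # '*' never spans or drops labels
    if p[0] == "*":
        if len(p) < 3:
            return False                  # conservative choice: refuse '*.com'
        p, r = p[1:], r[1:]
    if any("*" in label for label in p):
        return False                      # no partial or inner wildcards
    return p == r

def verify_hostname(san_dns_names, reference):
    """True only if some dNSName matches the reference identity."""
    try:
        ipaddress.ip_address(reference)
        return False                      # IP literals need an iPAddress SAN
    except ValueError:
        pass
    return any(matches_dns_id(n, reference) for n in san_dns_names)

# Constructed vectors: (dNSNames in presented cert, name requested, expected)
CASES = [
    (["www.example.com"], "www.example.com", True),
    (["WWW.Example.COM"], "www.example.com", True),
    (["*.example.com"], "www.example.com", True),
    (["other.example.net"], "www.example.com", False),  # spoofed-DNS case
    (["*.example.com"], "example.com", False),
    (["*.example.com"], "a.b.example.com", False),
    (["w*.example.com"], "www.example.com", False),
    (["www.*.com"], "www.example.com", False),
    (["*.com"], "example.com", False),
    (["192.0.2.1"], "192.0.2.1", False),
    ([], "www.example.com", False),
]

def failures(verifier):
    """Return the vectors a verifier gets wrong."""
    return [c for c in CASES if bool(verifier(c[0], c[1])) != c[2]]

if __name__ == "__main__":
    for case in failures(verify_hostname):
        print("FAIL", case)
```

Passing a different callable to failures() runs the same vectors against another verifier; one that accepts every certificate fails all eight negative cases.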
