On 15/04/2015 02:14, Brian Smith wrote:
Viktor Dukhovni <[email protected]> wrote:
Brian Smith wrote:
When the MUA connects to imap.gmail.com, how would the server know
which certificate to give the MUA? Would the MUA put
"_imap.example.com" in the SNI extension of the TLS ClientHello when
connecting to the GMail server?
No, it would send the base domain "example.com". The IMAP server would
need to know that an "_imap.exmaple.com" certificate is the right one
to return if that's what it has (absent an "example.com" certificate
on hand).
Thanks. That's not what I expected. Do you know which part of which
RFC documents that?
RFC 6125.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
