Re: Any interest in rigorous definition for SSL certificate verification in SMTP?

"Carl S. Gutekunst" <csg@alameth.org> Mon, 14 November 2011 23:18 UTC

Message-ID: <4EC1A1AB.1030507@alameth.org>
Date: Mon, 14 Nov 2011 15:18:03 -0800
From: "Carl S. Gutekunst" <csg@alameth.org>
User-Agent: Thunderbird 2.0.0.24 (X11/20100228)
MIME-Version: 1.0
To: SM <sm@resistor.net>
CC: SMTP Interest Group <ietf-smtp@imc.org>
Subject: Re: Any interest in rigorous definition for SSL certificate verification in SMTP?
References: <4EC0C9EB.1040506@alameth.org> <4EC0E09D.60704@dcrocker.net> <6.2.5.6.2.20111114063242.08cad4c0@resistor.net>
In-Reply-To: <6.2.5.6.2.20111114063242.08cad4c0@resistor.net>
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>

SM wrote:
>
> At 01:34 AM 11/14/2011, Dave CROCKER wrote:
>> what's the purpose?  what problem is this intended to solve?  how 
>> prevalent is that problem now?
>
> There was a discussion about this subject a year ago (it may be
> related to
> http://www.ietf.org/mail-archive/web/yam/current/msg00420.html).

That's client verification, a worthy topic for sure, and one I'm going 
to be deep-diving into soon. But different from the problem I was 
thinking of at the moment.

> I vaguely recall some discussion about SSL certificate verification.  
> See RFC 6125 as well.

Right, until proven otherwise, RFC 6125 was what I was looking for.

    % ls /srv/docs/internet/rfc6???.txt
    ls: No match.

Doh.

<csg>