Re: Any interest in rigorous definition for SSL certificate verification in SMTP?
"Carl S. Gutekunst" <csg@alameth.org> Mon, 14 November 2011 23:18 UTC
Received: from hoffman.proper.com (localhost [127.0.0.1]) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id pAENI4oK068798 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 14 Nov 2011 16:18:05 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by hoffman.proper.com (8.14.4/8.13.5/Submit) id pAENI4Yd068797; Mon, 14 Nov 2011 16:18:04 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: hoffman.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from relay01.pair.com (relay01.pair.com [209.68.5.15]) by hoffman.proper.com (8.14.4/8.14.3) with SMTP id pAENI32v068792 for <ietf-smtp@imc.org>; Mon, 14 Nov 2011 16:18:04 -0700 (MST) (envelope-from csg@alameth.org)
Received: (qmail 45442 invoked from network); 14 Nov 2011 23:18:03 -0000
Received: from 67.115.118.5 (HELO clavinova.eng.sonicwall.com) (67.115.118.5) by relay01.pair.com with SMTP; 14 Nov 2011 23:18:03 -0000
X-pair-Authenticated: 67.115.118.5
Message-ID: <4EC1A1AB.1030507@alameth.org>
Date: Mon, 14 Nov 2011 15:18:03 -0800
From: "Carl S. Gutekunst" <csg@alameth.org>
User-Agent: Thunderbird 2.0.0.24 (X11/20100228)
MIME-Version: 1.0
To: SM <sm@resistor.net>
CC: SMTP Interest Group <ietf-smtp@imc.org>
Subject: Re: Any interest in rigorous definition for SSL certificate verification in SMTP?
References: <4EC0C9EB.1040506@alameth.org> <4EC0E09D.60704@dcrocker.net> <6.2.5.6.2.20111114063242.08cad4c0@resistor.net>
In-Reply-To: <6.2.5.6.2.20111114063242.08cad4c0@resistor.net>
X-Stationery: 0.5.1
Content-Type: multipart/alternative; boundary="------------070801090501090305010305"
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
SM wrote: > > At 01:34 AM 11/14/2011, Dave CROCKER wrote: >> what's the purpose? what problem is this intended to solve? how >> prevalent is that problem now? > > There was a discussion about this subject a year ago ( it may be > related to > http://www.ietf.org/mail-archive/web/yam/current/msg00420.html ). That's client verification, a worthy topic for sure, and one I'm going to be deep-diving into soon. But different from the problem I was thinking of at the moment. > I vaguely recall some discussion about SSL certificate verification. > See RFC 6125 as well. Right, until proven otherwise, RFC 6125 was what I was looking for. % ls /srv/docs/internet/rfc6???.txt ls: No match. Doh. <csg>
- Re: Any interest in rigorous definition for SSL c… SM
- Re: Any interest in rigorous definition for SSL c… Alexey Melnikov
- Re: Any interest in rigorous definition for SSL c… Alexey Melnikov
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Robert A. Rosenberg
- Re: Any interest in rigorous definition for SSL c… Tony Finch
- Re: Any interest in rigorous definition for SSL c… Tony Finch
- SMTP TLS and CN Domain Matching Hector Santos
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Hector Santos
- Re: Any interest in rigorous definition for SSL c… Alexey Melnikov
- Re: Any interest in rigorous definition for SSL c… Alexey Melnikov
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Mark Andrews
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Carl S. Gutekunst
- Re: Any interest in rigorous definition for SSL c… Dave CROCKER
- Re: Any interest in rigorous definition for SSL c… Tony Finch
- Re: Any interest in rigorous definition for SSL c… Dave CROCKER
- Re: Any interest in rigorous definition for SSL c… Arnt Gulbrandsen
- Any interest in rigorous definition for SSL certi… Carl S. Gutekunst