[TLS] Re: Encoding of data for Server Name Indication?

Simon Josefsson <simon@josefsson.org> Tue, 19 June 2007 09:03 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <200706130441.01903.bradh@kdelabs.net> <200706190935.09520.bradh@kdelabs.net> <p06240804c29ccb942b63@[10.20.30.108]> <200706191027.34934.bradh@kdelabs.net> <p06240806c29cd5af89d2@[10.20.30.108]>
Date: Tue, 19 Jun 2007 11:02:52 +0200
Cc: tls@lists.ietf.org

Paul Hoffman <paul.hoffman@vpnc.org> writes:

>>Which part of the system is responsible for making sure that the host name and
>>the server certificate match?
>
> The TLS implementation.

I'd be happy to change my implementation if there is consensus about
what RFC 4366 is intended to imply, or if an updated document is
published.  I haven't understood yet whether there is consensus about
what the text in RFC 4366 really should imply in practice?

One approach is for the server to apply ToASCII on each label of both
what's in the certificate and what's in the SNI, concatenate them using
ASCII '.' and compare the result using strcmp() (in the C locale..).

/Simon
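Added example, not code from this message or from the author's TLS implementation: the server-side check described above in Python, using CPython's RFC 3490 ToASCII from `encodings.idna` on each label and an exact byte comparison (what strcmp() in the C locale gives). The function names, treating the RFC 3490 ideographic full stops (U+3002, U+FF0E, U+FF61) as label separators, and the rule that a name which fails ToASCII never matches anything are assumptions of this example.

```python
"""SNI hostname vs. certificate dNSName comparison (example, not RFC text):
ToASCII on every label of both names, join with ASCII '.', compare bytes."""
import re
from typing import Optional

from encodings.idna import ToASCII  # CPython's RFC 3490 (IDNA2003) ToASCII

# RFC 3490 section 3.1 label separators: '.', U+3002, U+FF0E, U+FF61
# (assumption: the SNI and cert names are handed in as Python str).
_LABEL_SEP = re.compile("[\u002E\u3002\uFF0E\uFF61]")


def canonical_ascii_name(name: str) -> Optional[bytes]:
    """Apply ToASCII to each label and rejoin the results with '.'.

    Returns None when the name is empty or any label is not a valid IDNA
    label (empty label as with a trailing dot, over 63 octets, prohibited
    code points, bad ACE prefix). A name that cannot be canonicalised is
    treated as matching nothing rather than being compared raw.
    """
    if not name:
        return None
    try:
        labels = [ToASCII(label) for label in _LABEL_SEP.split(name)]
    except UnicodeError:
        return None
    return b".".join(labels)


def sni_matches_cert_name(sni_hostname: str, cert_dns_name: str) -> bool:
    """True iff both names canonicalise and the results are byte-identical.

    The comparison is as strict as strcmp(): ToASCII leaves pure-ASCII
    labels untouched (no case folding), while non-ASCII labels are
    lower-cased by nameprep before Punycode encoding.
    """
    sni = canonical_ascii_name(sni_hostname)
    cert = canonical_ascii_name(cert_dns_name)
    return sni is not None and cert is not None and sni == cert


if __name__ == "__main__":
    # Constructed sample: A-label in the SNI, U-label in the certificate.
    print(sni_matches_cert_name("xn--bcher-kva.example", "Bücher.example"))
```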

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls