
Re: msgtrk: MTQP, TLS, & SRV



   Date: Fri, 8 Feb 2002 13:00:17 -0800
   From: Gregory Neil Shapiro <gshapiro@xxxxxxxxxxxx>
   Cc: ietf-msgtrk@xxxxxxx, Tony Hansen <tony@xxxxxxx>

   leg+> Regardless, MTQP needs to specify what certificate name needs to be
   leg+> sent.

   Why "regardless"?  If it is solved in the TLS protocol, why duplicate it in
   the MTQP protocol?  Or are you assuming it will never be solved by the TLS
   protocol?

The multi-homed server problem can be solved in the TLS protocol.
What name the client expects cannot.

I do an SRV lookup on _mtqp._tcp.smtp3.example.com and get back
msgtrk.example.com, port 4530.  I connect to msgtrk.example.com 4530,
and issue STARTTLS.

What certificate name should I expect?  (In a future TLS protocol,
what certificate name should I request?)

"smtp3.example.com" might not be a great choice: that certificate name
may already be in use on a different machine.  "msgtrk.example.com" is
definitely wrong---I received it from the insecure DNS system.

"_mtqp._tcp.smtp3.example.com" makes some sense but is kinda ugly.

You can see the LDAP SRV discussion on ldapext for more on this.

Larry
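The name-selection problem Larry describes, worked through in code as an added example (this is not code from the thread or from any MTQP implementation). The SRV answer table, the SAN lists and the host names are constructed for illustration; the one real API it relies on is Python's `ssl` module, where the identity to verify is passed as `server_hostname` to `SSLContext.wrap_socket`. The client connects to the SRV target and port, but verifies the certificate against the name it started with (or the SRV owner name), never against the target returned by unauthenticated DNS.

```python
"""Which certificate name to verify after an SRV lookup for MTQP over STARTTLS."""
import ssl

# Constructed SRV answers standing in for a real DNS lookup (no real zone data).
FAKE_SRV = {
    "_mtqp._tcp.smtp3.example.com": ("msgtrk.example.com", 4530),
}


def srv_lookup(owner):
    """Return (target, port) for an SRV owner name, or None if there is no record."""
    return FAKE_SRV.get(owner.lower().rstrip("."))


def trusted_identities(queried_host):
    """Names the client may accept in the server certificate.

    The SRV target came from an unauthenticated DNS answer, so it is not an
    identity the client can trust.  The host the client started with and the
    SRV owner name both came from the client's own configuration, so they are.
    """
    queried_host = queried_host.lower().rstrip(".")
    return {queried_host, f"_mtqp._tcp.{queried_host}"}


def name_matches(pattern, host):
    """Match a DNS-ID from a certificate against a reference name.

    Exact (case-insensitive) match, or a single leftmost-label wildcard with
    the same number of labels; the wildcard never spans more than one label.
    """
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if p == h:
        return True
    if not p.startswith("*."):
        return False
    p_labels, h_labels = p.split("."), h.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def certificate_acceptable(san_dns_names, queried_host):
    """Return (accepted, matched_name) for a certificate's dNSName SAN entries."""
    for identity in trusted_identities(queried_host):
        for name in san_dns_names:
            if name_matches(name, identity):
                return True, name
    return False, None


def connection_plan(queried_host):
    """Where to connect, and which name to hand to TLS for verification.

    Returns (connect_host, connect_port, server_hostname).  The first two come
    from the SRV record; the third is deliberately the queried host, not the
    SRV target.
    """
    record = srv_lookup(f"_mtqp._tcp.{queried_host}")
    if record is None:
        raise LookupError(f"no SRV record for _mtqp._tcp.{queried_host}")
    target, port = record
    return target, port, queried_host.lower().rstrip(".")


def make_context():
    """A verifying TLS context: hostname checks on, system trust store loaded.

    Usage (network omitted here):
        host, port, verify_as = connection_plan("smtp3.example.com")
        sock = socket.create_connection((host, port))
        ... exchange the MTQP STARTTLS command over sock ...
        tls = make_context().wrap_socket(sock, server_hostname=verify_as)
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    host, port, verify_as = connection_plan("smtp3.example.com")
    print(f"connect to {host}:{port}, verify certificate as {verify_as}")
    # A certificate naming only the SRV target is rejected.
    print(certificate_acceptable(["msgtrk.example.com"], "smtp3.example.com"))
    # A certificate naming the queried host, or a one-label wildcard for its
    # domain, is accepted.
    print(certificate_acceptable(["*.example.com"], "smtp3.example.com"))
```

The design point is the split inside `connection_plan`: the transport endpoint is whatever DNS said, but the reference identity passed to TLS is fixed before the lookup ever happens, so a forged SRV answer can redirect the connection yet cannot choose which certificate name the client will accept.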