Hi all,
Interesting discussion :)
On 10/10/05, Greger V. Teigre <greger(a)teigre.com> wrote:
> From that perspective, you would probably only allow From domains that are
> found in the CN and alternative names of the certificate of server A.
> I don't think this is a general matter (finding what is "correct"), but more
> about the policies you implement (or level of integrity checks you want to
> enforce). Do you allow the certificate of the sender to deviate
> (domain-wise) from the domain of the proxy? If you have multiple proxies
> between you and the sender and you trust the proxy, you probably will allow
> it. If you are peering with a proxy and only want to allow that proxy's
> users, you probably disallow it.
I would agree with Greger that the authentication you need depends on the
local policy. For that, ser needs to provide flexible mechanisms, as I don't
think there is a one-fits-all.
As it is now, the current tls code does not really allow for flexibility, I
would say. How about creating some kind of module that would allow in-depth
access to tls functions, such as
- tls_verify_peer_cert()
- tls_check_from()
- tls_check_to()
- ...
This way a barebones connection may be accepted on the tls level (say, just
server authentication). Then, in the config file you may be able to stiffen
the authentication requirements with a bunch of functionalities provided by
a tls_tools module.
Regards,
Cesc
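As an added illustration of the policy check discussed in this thread (not ser's tls code, and not the proposed tls_tools module itself), the following Python sketches what a `tls_check_from()` could decide: whether the domain in a SIP From header is covered by the CN or subjectAltName DNS entries of the peer certificate, and whether a "strict" peering policy or a "transit" policy (deviation allowed for a trusted proxy) applies. The `PeerCert` structure, the policy names and all certificate names and From headers are constructed for the example; a real implementation would extract the names from the verified X.509 certificate of the TLS connection.

```python
"""Example From-domain vs. peer-certificate policy check for a SIP proxy.
Added illustration, not ser code. Certificate names are assumed to have
been extracted already from a peer certificate that passed TLS
verification (the tls_verify_peer_cert() step)."""
from dataclasses import dataclass, field


@dataclass
class PeerCert:
    """Constructed stand-in for the names found in a verified peer cert."""
    cn: str
    san_dns: list = field(default_factory=list)

    def names(self):
        return [self.cn] + list(self.san_dns)


def _domain_matches(cert_name, domain):
    """Exact match, or a '*.' wildcard matching exactly one left-most label
    (so '*.example.com' covers 'voice.example.com' but not
    'a.b.example.com' and not 'example.com' itself)."""
    cert_name, domain = cert_name.lower(), domain.lower()
    if cert_name.startswith("*."):
        suffix = cert_name[1:]  # ".example.com"
        if not domain.endswith(suffix):
            return False
        label = domain[: -len(suffix)]
        return label != "" and "." not in label
    return cert_name == domain


def from_domain(from_hdr):
    """Extract the host part of the URI in a From header value.
    Handles 'sip:alice@example.com;tag=1' and
    '"Alice" <sip:alice@example.com:5061;transport=tls>;tag=1'.
    (Bracketed IPv6 hosts are not handled in this sketch.)"""
    hdr = from_hdr.strip()
    if "<" in hdr and ">" in hdr:
        hdr = hdr[hdr.index("<") + 1 : hdr.index(">")]
    else:
        hdr = hdr.split(";")[0]  # drop header params such as ;tag=
    low = hdr.lower()
    if low.startswith("sip:") or low.startswith("sips:"):
        hdr = hdr.split(":", 1)[1]
    host = hdr.split("@")[-1]          # strip user part
    host = host.split(";")[0]          # strip URI params
    host = host.split(":")[0]          # strip port
    return host.lower()


def tls_check_from(from_hdr, cert, policy="strict", trusted_peer_cns=()):
    """Return True if the From domain is acceptable over this TLS peer.

    'strict'  : From domain must be covered by a name in the peer cert
                (peering with a proxy and allowing only its own users).
    'transit' : as strict, but a deviating From domain is also accepted
                when the peer CN is a proxy we trust to relay for others."""
    domain = from_domain(from_hdr)
    if any(_domain_matches(name, domain) for name in cert.names()):
        return True
    if policy == "transit":
        trusted = {cn.lower() for cn in trusted_peer_cns}
        return cert.cn.lower() in trusted
    return False


if __name__ == "__main__":
    # Constructed peer certificate: proxy CN plus domain and wildcard SANs.
    peer = PeerCert("proxy.example.com", ["example.com", "*.example.com"])
    print(tls_check_from("sip:alice@example.com;tag=1", peer))        # True
    print(tls_check_from('"Carol" <sip:carol@other.net>;tag=9', peer))  # False
    print(tls_check_from("sip:carol@other.net", peer, policy="transit",
                         trusted_peer_cns=["proxy.example.com"]))       # True
```

A `tls_check_to()` would apply the same matching to the To or Request-URI domain against the certificate of the next hop; the point of keeping the policy ("strict" versus "transit", and which CNs count as trusted) out of the TLS layer is that the config file, not the transport code, decides how much deviation to tolerate.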