Hi all,
 
Interesting discussion :)
 
On 10/10/05, Greger V. Teigre <greger@teigre.com> wrote:
> From that perspective, you would probably only allow From domains that are
> found in the CN and alternative names of the certificate of server A.
>
> I don't think this is a general matter (finding what is "correct"), but more
> about the policies you implement (or level of integrity checks you want to
> enforce). Do you allow the certificate of the sender to deviate
> (domain-wise) from the domain of the proxy? If you have multiple proxies
> between you and the sender and you trust the proxy, you probably will allow
> it. If you are peering with a proxy and only want to allow that proxy's
> users, you probably disallow it.
 
I would agree with Greger that the authentication you need depends on the local policy. For that, SER needs to provide a flexible mechanism, as I don't think there is a one-size-fits-all.
As it is now, the current TLS code does not really allow for flexibility, I would say. How about creating some kind of module that would allow in-depth access to TLS functions, such as
- tls_verify_peer_cert()
- tls_check_from()
- tls_check_to()
.....
This way a barebones connection may be accepted on the tls level (say, just server authentication). Then, in the config file you may be able to stiffen the authentication requirements with a bunch of functionalities provided by a tls_tools module.
 
Regards,
 
Cesc
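As an added illustration, not code from this thread or from SER, of the From-domain-versus-certificate-names check discussed above: the certificate names and SIP headers are constructed, the function names only echo the ones proposed in the message, and `allow_deviation` models the two policies Greger contrasts (trusted proxy chain versus strict peering).

```python
import re
from typing import Iterable, Optional

# Constructed sample: names a real module would pull from the verified peer
# certificate (subject CN plus DNS subjectAltName entries).
PEER_CERT_NAMES = ["sip.example.com", "*.example.com"]

# Host part of the first sip:/sips: URI in a header; user part and port are optional.
_URI_HOST_RE = re.compile(r"sips?:(?:[^@>\s]+@)?([A-Za-z0-9.-]+)")


def uri_domain(header: str) -> Optional[str]:
    """Return the lower-cased host of the URI in a From/To header, or None."""
    m = _URI_HOST_RE.search(header)
    return m.group(1).lower().rstrip(".") if m else None


def name_matches(cert_name: str, domain: str) -> bool:
    """Match one certificate name against a domain.

    A leading "*." label matches exactly one label (pbx.example.com, but not
    a.b.example.com or example.com itself); anything else must match exactly."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return (domain.endswith(cert_name[1:])
                and domain.count(".") == cert_name.count("."))
    return cert_name == domain


def domain_covered(header: str, cert_names: Iterable[str],
                   allow_deviation: bool = False) -> bool:
    """Policy check: is the header's domain vouched for by the peer certificate?

    allow_deviation=False is the strict peering policy (only that proxy's users);
    True is the trusted-proxy-chain policy, where the certificate domain may
    differ from the header domain, so only a parseable URI is required."""
    domain = uri_domain(header)
    if domain is None:
        return False
    if allow_deviation:
        return True
    return any(name_matches(n, domain) for n in cert_names)


# Hypothetical config-level helpers, named after the ones proposed in the thread.
def tls_check_from(from_header: str, cert_names=PEER_CERT_NAMES, allow_deviation=False):
    return domain_covered(from_header, cert_names, allow_deviation)


def tls_check_to(to_header: str, cert_names=PEER_CERT_NAMES, allow_deviation=False):
    return domain_covered(to_header, cert_names, allow_deviation)
```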