[Devel] Re: [Users] TLS setup

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Oct 11 20:06:52 CEST 2005


in order to speed up the testing for the release, I would suggest to 
start the TLS testing in parallel with the disputions about the 
multi-domain setups and how to generate/distribute the certificates.
Prior to complex settings, I think it's good to have a solid engine 
under the hood ;).

just for testing, using certificates under same root CA will be fine 
(keep it simple). People still interested, please let me know.

regards,
bogdan

Juha Heinanen wrote:

>Klaus Darilion writes:
>
> > The second problem: RFC3263 also states that by validating the domain in 
> > the certificate it is possible to detect hacked nameserver entries. But 
> > with your suggestion (using only a host certificate), this wouldn't be 
> > possible.
>
>name server entries should be protected by dns means, not later by
>application means.
>
>-- juha
>
>_______________________________________________
>Devel mailing list
>Devel at openser.org
>http://openser.org/cgi-bin/mailman/listinfo/devel
>
>  
>




More information about the Devel mailing list