[Devel] Re: [Users] TLS setup
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Tue Oct 11 20:06:52 CEST 2005
in order to speed up the testing for the release, I would suggest to
start the TLS testing in parallel with the disputions about the
multi-domain setups and how to generate/distribute the certificates.
Prior to complex settings, I think it's good to have a solid engine
under the hood ;).
just for testing, using certificates under same root CA will be fine
(keep it simple). People still interested, please let me know.
regards,
bogdan
Juha Heinanen wrote:
>Klaus Darilion writes:
>
> > The second problem: RFC3263 also states that by validating the domain in
> > the certificate it is possible to detect hacked nameserver entries. But
> > with your suggestion (using only a host certificate), this wouldn't be
> > possible.
>
>name server entries should be protected by dns means, not later by
>application means.
>
>-- juha
>
>_______________________________________________
>Devel mailing list
>Devel at openser.org
>http://openser.org/cgi-bin/mailman/listinfo/devel
>
>
>
More information about the Devel
mailing list