[NNTP] One more STARTTLS issue

Russ Allbery rra at stanford.edu
Mon Aug 15 08:33:31 PDT 2005


Sorry, I missed this.

I don't think we did anything about this portion of Sam's review of
STARTTLS:

| The TLS document discusses certificate matching but does not discuss
| certificate verification.  I'd recommend using the certificate
| verification specified in RFC 3280.  You certainly need to say
| something about verification.

I think this may be as simple as inserting a sentence or so with a
normative reference to RFC 3280.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the ietf-nntp mailing list