Author pitrou
Recipients Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, kiilerix, orsenthil, pitrou, vila, zooko
Date 2010-10-04.17:19:57
SpamBayes Score 2.47551e-08
Marked as misclassified No
Message-id <1286212791.3178.51.camel@localhost.localdomain>
In-reply-to <1286212126.76.0.64007303154.issue1589@psf.upfronthosting.co.za>
Content
> I think it looks good except for the wildcard checking. According to
> the latest draft of that TLS id-checking RFC, you aren't supposed to
> allow the wildcard as part of a fragment. Of course this contradicts
> RFC 2818.

Well, since it is then an "error" (according to the id-checking draft)
in the certificate itself rather than the hostname we are trying to
match, it seems there would be no real issue in accepting the match
anyway. It's up to CAs to make sure that certificates conform to
whatever standard is currently in effect.

I'm also assuming RFC 2818 is in wider use than the id-checking draft;
am I wrong?
History
Date User Action Args
2010-10-04 17:19:59pitrousetrecipients: + pitrou, zooko, janssen, orsenthil, giampaolo.rodola, vila, heikki, ahasenack, kiilerix, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-10-04 17:19:57pitroulinkissue1589 messages
2010-10-04 17:19:57pitroucreate