[19429] in cryptography@c2.net mail archive
Re: browser vendors and CAs agreeing on high-assurance certificat
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Dec 27 16:59:05 2005
X-Original-To: cryptography@metzdowd.com
Date: Sat, 24 Dec 2005 17:38:20 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: EKR <ekr@rtfm.com>
Cc: Ian G <iang@systemics.com>, leichter_jerrold@emc.com,
pgut001@cs.auckland.ac.nz, cryptography@metzdowd.com,
jamesd@echeque.com, smb@cs.columbia.edu
In-Reply-To: <86psnmxwtz.fsf@romeo.rtfm.com>
Eric Rescorla wrote:
> Ben Laurie <ben@algroup.co.uk> writes:
>>> And we need SSL v2 to die so it doesn't interfere
>>> with the above.
>> Actually, you just disable it in the server. I don't see why we need
>> anything more than that.
>
> The problem is that the ServerHostName extension that signals
> which host the client is trying to contact is only available
> in the TLS ClientHello.
Sure, but if the server won't negotiate SSL 2, why is this a problem?
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
** ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
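
The format difference behind the quoted point about the ServerHostName (server_name) extension, as an added example that is not part of the original message: an SSLv2-format CLIENT-HELLO has only fixed fields and no extension block, so a server can recover a host name only from a TLS-format ClientHello. The sample hellos are constructed, and the function names are hypothetical.

```python
import struct

def build_tls_hello(host: bytes) -> bytes:
    """Constructed TLS 1.0 ClientHello carrying a server_name extension."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x01" + bytes(32) + b"\x00"        # version, random, empty session id
            + b"\x00\x02\x00\x2f"                    # one cipher suite
            + b"\x01\x00"                            # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def build_sslv2_hello() -> bytes:
    """Constructed SSLv2-format CLIENT-HELLO offering version 3.1 (TLS 1.0)."""
    specs, challenge = b"\x00\x00\x2f", bytes(16)
    msg = (b"\x01\x03\x01" + struct.pack("!HHH", len(specs), 0, len(challenge))
           + specs + challenge)               # fixed fields only: no extension block
    return struct.pack("!H", 0x8000 | len(msg)) + msg

def classify(data: bytes):
    """Return (hello_format, server_name or None) for a client's first flight."""
    try:
        if data[0] & 0x80 and data[2] == 0x01:
            return ("sslv2", None)            # format has no field for a host name
        if data[0] != 0x16 or data[5] != 0x01:
            return ("unknown", None)
        p = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
        p += 1 + data[p]                      # session id
        p += 2 + int.from_bytes(data[p:p + 2], "big")   # cipher suites
        p += 1 + data[p]                      # compression methods
        end = min(len(data), p + 2 + int.from_bytes(data[p:p + 2], "big"))
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", data[p:p + 4])
            if etype == 0:                    # server_name: list len, type, name len, name
                nlen = int.from_bytes(data[p + 7:p + 9], "big")
                return ("tls", data[p + 9:p + 9 + nlen].decode("ascii", "replace"))
            p += 4 + elen
        return ("tls", None)                  # TLS hello without server_name
    except IndexError:
        return ("unknown", None)              # truncated input
```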