[161086] in North American Network Operators' Group
Re: Should host/domain names travel over the internet with a
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Mon Feb 25 13:51:15 2013
Date: Mon, 25 Feb 2013 13:50:58 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <7370441.7160.1361812308247.JavaMail.root@benjamin.baylink.com>
----- Original Message -----
> From: "Jay Ashworth" <jra@baylink.com>
> > Who should implement the normalization logic? Not the SSL library,
> > certainly. That sounds like the bailiwick of the resolver library...
>
> No, in fact, I think this is layer... 3 or 4, not 2; this *should*
> be in the SSL library -- *you're not resolving this name*.

Or maybe even above that.

RFC 5246 seems the currently controlling spec, and neither it nor
the Wikipedia article on this:

https://en.wikipedia.org/wiki/Transport_Layer_Security

actually says *what the client is supposed to do with the Server Certificate*
which 7.4.2 says the server will send; appendix D.2 explicitly punts that
question "upstairs"... but I'm not sure exactly to where, as I don't know
in detail how HTTPS connections are generally set up.

I suspect, though, that at this point, it leaves NANOG's domain.

Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274