[caops-wg] GFD 125 CN for network entities
Doug Olson
dlolson at lbl.gov
Thu Jun 25 18:58:08 CDT 2009
On 6/25/2009 4:34 PM, Mike Helm wrote:
> Doug Olson writes:
>
>>> The only network entity that ssl/tls can really distinguish is the host itself,
>>> not the applications running on it. Even that is not quite the right way
>
>> The SSL layer is using whatever server certificate the application presents.
>> Different applications should use different certificates.
>
> There's no problem with that that I know of.
> SSL/TLS and the Grid gssapi variant have certain issues that have to
> be addressed, that's all.
>
The problem comes from having a recommendation that the CN is only the
FQDN but also having several different server certificates issued for
different applications (with different people responsible), all with
the same subject name.
I am saying the recommendation in GFD125 should be changed.
Doug