> Comparing the Server-Id in the certificate to the expected server
> name limits the damage that will result from an attacker compromising
> a server private key. If the peer does not check the Server-Id, then
> the peer would accept a compromised server certificate chaining to
> any of the configured trust anchors.

[Joe] If the server key is compromised then it seems checking the server-ID will not help discover this or limit damage.

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu