Re: [TLS] Verifying X.509 Certificate Chains out of order
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TLS] Verifying X.509 Certificate Chains out of order
On Thu, 09 Oct 2008 01:12:40 +1300
pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
> Martin Rex <Martin.Rex at sap.com> writes:
>
> >But I really dislike the idea of expecting an empty DName (i.e. one
> >that contains no RDName elements in the ASN.1 SEQUENCE) should have
> >the same meaning as _NO_ DName at all! Are you sure that this
> >notion is interoperable with other implementations?
>
> Because TLS client certs are so rarely used it's hard to say, the
> best I can say is "I haven't run into problems so far", but that
> doesn't mean much given the very small sample size.
FYI, my favorite MUA (claws-mail) has support for client-side
certificates in its latest release. I'll let you know how well they
work...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
