[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] How evil is TLS cert collection?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 06/04/2011 12:37 PM, tagnaq wrote:
> IP address and hostname (and cert.) of intranet-server1.example.com
> using a valid certificate *.example.com will be published even if the
> first two options in the "advanced options" are enabled. Is that correct?
> In such scenarios I'm not worried about the certificate being submitted
> but the hostname and IP address (domain and server_ip arguments).
To make this example clearer:
The internal DNS resolves intranet-server1.example.com to a public IP
address (non RFC1918). The public DNS does not resolve this hostname
(split DNS).
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk3qk0AACgkQyM26BSNOM7YgjQD/Y5k2f4A5oZ1iN6YHAvlxm76f
imGN4ouFX1BftSTBdJkBAIr1xVUdNg8enYqo8n984ClZ29vzJcKpEfOgVfjYmrFk
=i/Wt
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk