On 6/25/2009 4:34 PM, Mike Helm wrote:
Doug Olson writes:
The only network entity that ssl/tls can really distinguish is the host itself, not the applications running on it. Even that is not quite the right way
The SSL layer is using whatever server certificate the application presents. Different applications should use different certificates.
There's no problem with that that I know of. SSL/TLS and the Grid GSSAPI variant have certain issues that have to be addressed, that's all.
The problem comes from having a recommendation that the CN is only the FQDN but also having several different server certificates issued for different applications (with different people responsible), all with the same subject name. I am saying the recommendation in GFD125 should be changed.
Doug