7 Dec
2007
7 Dec
'07
9:01 a.m.
Duane Merrill wrote:
Thanks for the comments, Sven!
In various places throughout the document you say that a server certificate is provided for "hostname verification" (e.g. line 454). I think that this is restrictive as the certificate authenticates the server and not just the name of the remote host that gives you access to the server. I think that these statements could be rephrased.
Yes, we're going to rephrase the discussion to "identity verification".
The actual suggestion I made was "service identity verification". It's not about general identity verification, which is a much thornier subject due to privacy issues. Donal.