
----- Original Message -----
From: "Jay Ashworth" <jra@baylink.com>
Who should implement the normalization logic? Not the SSL library, certainly. That sounds like the bailiwick of the resolver library...
No, in fact, I think this is layer... 3 or 4, not 2; this *should* be in the SSL library -- *you're not resolving this name*.
Or maybe even above that. RFC 5246 seems the currently controlling spec, and neither it nor the Wikipedia article on this: https://en.wikipedia.org/wiki/Transport_Layer_Security actually says *what the client is supposed to do with the Server Certificate* which 7.4.2 says the server will send; appendix D.2 explicitly punts that question "upstairs"... but I'm not sure exactly to where, as I don't know in detail how HTTPS connections are generally set up. I suspect, though, that at this point, it leaves NANOG's domain. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274