* Does it seem like it's at all reasonable, from the perspective of the security area and focus on PKIX (documents and tools), for an application profile like this to say to conform to "... RFC 5280 with the exception of the FQDN/IP-address restriction on URI authority part"? It's not exactly an update to RFC 5280 but I don't know how valid or typical it is for one RFC to relax requirements from a normative reference.
How would that work? Let’s take an application using OpenSSL. It currently calls d2i_X509() to parse the DER into internal format. It does various cert checks along the way. Would you add a new API (because you can’t change the calling sequence; it breaks all existing applications), and then pass that flag down through all the call stack?
