Kent Watsen <[email protected]> wrote:
> Separately, as long as we're raising issues with RFC 8366, I strongly
> believe that the pinned-domain-certificate should've been a list of
> certificates. Or, in crypto-types [1] terms, a trust-anchor-cert-cms,
> not a trust-anchor-cert-x509. To enable the pinned-domain-certificate
> for an intermediate CA to be a chain that includes the root self-signed
> certificate, thus supporting tooling unable to validate partial-chains.

I believe that a future version could make this change relatively easily, particularly if we do it quickly. Distinguishing between arrays of 1-element and single-items isn't that difficult in the serializations we have.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
