On Tue, Feb 1, 2022 at 11:55 AM Stefan Santesson <ste...@aaa-sec.com> wrote:
> Hi,
>
> This issue is currently discussed in the LAMPS WG. The background is
> that X.520 removed the size limitations of the common X.520 attributes
> in 2008, while they are still enforced in RFC 5280.
>
> I don't want to move this discussion to TLS and I don't want to express
> an opinion on the matter in this thread.
>
> However, I'm curious about the facts of the case, and would appreciate
> if people here could help me answer a key question:
>
> - Would removal of such upper bounds (e.g. common name max 64
> characters) break TLS in any way such as:
>
> a) Breaking current implementations
>
> b) Require any changes or updates to the TLS standard.

Without taking a position on this particular case...

From a standards perspective, TLS requires that certificates conform to RFC 5280, and I would expect that if we were to relax any requirement in 5280, that would require that the associated RFC update 8446.

From a practical perspective, it seems like this creates potential interoperability risk because you don't know whether a client enforces these restrictions or not. Perhaps one could do a survey of common implementations and see who enforces the limit and then try to normalize it by measured use levels.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
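A survey of the kind suggested above needs a way to test a subject Name against the RFC 5280 Appendix A upper bounds. The following is an added example, not code from the thread or from any TLS implementation: a minimal hand-written DER decoder that walks an X.501 Name and reports every attribute whose character count exceeds its bound (64 for commonName, 2 for countryName, and so on). The `encode_name` helper and the sample names are constructed for the demonstration and encode every value as UTF8String.

```python
UPPER_BOUNDS = {  # RFC 5280 Appendix A upper bounds, in characters, keyed by attribute OID
    "2.5.4.3": ("commonName", 64), "2.5.4.6": ("countryName", 2), "2.5.4.5": ("serialNumber", 64),
    "2.5.4.7": ("localityName", 128), "2.5.4.8": ("stateOrProvinceName", 128),
    "2.5.4.10": ("organizationName", 64), "2.5.4.11": ("organizationalUnitName", 64),
}

def _der(tag, content):  # encode one DER TLV (short- or long-form length)
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _tlv(buf, pos):  # decode the DER TLV at pos -> (tag, contents, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _encode_oid(dotted):  # constructed helper: arcs below 128 only, enough for 2.5.4.x types
    a = [int(x) for x in dotted.split(".")]
    return bytes([a[0] * 40 + a[1]] + a[2:])

def _decode_oid(raw):  # OID contents -> dotted form, handling multi-byte arcs
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def encode_name(attrs):  # constructed Name from (oid, text) pairs, one UTF8String per RDN
    return _der(0x30, b"".join(
        _der(0x31, _der(0x30, _der(0x06, _encode_oid(o)) + _der(0x0C, t.encode())))
        for o, t in attrs))

def check_name(der):  # -> [(attribute, length, bound)] for every attribute over its bound
    _, rdns, _ = _tlv(der, 0)  # Name ::= SEQUENCE OF RelativeDistinguishedName
    violations, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = _tlv(rdns, pos)  # SET OF AttributeTypeAndValue
        p = 0
        while p < len(rdn):
            _, atv, p = _tlv(rdn, p)  # SEQUENCE { type OID, value }
            _, oid_raw, q = _tlv(atv, 0)
            vtag, val, _ = _tlv(atv, q)
            attr, bound = UPPER_BOUNDS.get(_decode_oid(oid_raw), (None, None))
            # bounds count characters: BMPString is UTF-16-BE, the other string types decode as UTF-8
            text = val.decode("utf-16-be" if vtag == 0x1E else "utf-8", "replace")
            if bound is not None and len(text) > bound:
                violations.append((attr, len(text), bound))
    return violations
```

The same `check_name` runs on the subject or issuer Name sliced out of a real DER certificate, so it can be pointed at a corpus to measure how often the bounds are actually exceeded in the wild.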