Hi Henning,

> Hi,
>
> As a developer for an email security gateway, I'm all in favor of validating
> the SAN instead of the CN on the SMTP level.
>
> And though SMTP mostly uses opportunistic TLS, mandatory use of TLS is
> increasing with more people adopting MTA-STS.
>
> Now, the proposed RFC is specifically scoped to TLS certificates. I think
> pushing the same thing for SMIME certificates would also be useful.

I don't think S/MIME is in scope of UTA charter...

Regards,
Valery.

> Kind regards,
> Henning
>
> > -----Original Message-----
> > From: Uta [mailto:uta-boun...@ietf.org] On Behalf Of Viktor Dukhovni
> > Sent: Monday, 15 March 2021 11:32
> > To: uta@ietf.org
> > Subject: Re: [Uta] Adoption of draft-rsalz-use-san
> >
> > > On Mar 15, 2021, at 7:58 AM, Eliot Lear <lear=40cisco....@dmarc.ietf.org> wrote:
> > >
> > > Architecturally, Rich is nailing it. We should be encouraging the use of
> > > SANs. However, use of SANs beyond the scope of the web may not be
> > > entirely ubiquitous, and so we should either be a bit more targeted, or
> > > slow roll the other uses with some backward compatibility language.
> > > Personally I like the latter approach. We shouldn’t hold up deprecation
> > > across the web due to the other uses, but we should encourage those
> > > other uses to move off of subject.
> > >
> > > If Rich and others are ok with that, I’m all for adoption.
> >
> > Certificates are barely checked in SMTP at all (opportunistic and at that),
> > but to the extent that they are, I am not aware of anyone who's got
> > meaningful certificates that only have a matching CN and no matching SAN.
> >
> > It is fine to deprecate the requirement to support CNs in the absence of a
> > DNS-ID SAN also for SMTP (not just Web). Long overdue.
> >
> > --
> > Viktor.

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
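
Added example, not part of the thread above and not taken from draft-rsalz-use-san: a sketch of what dropping the CN fallback means for an SMTP client's name check, using the dict layout that Python's `ssl.getpeercert()` returns. The function names, sample certificates and host names are constructed for illustration.

```python
"""SAN-only reference-identity check for an SMTP peer certificate (added example)."""


def _label_match(pattern: str, host: str) -> bool:
    """Match one certificate name against a host; '*' may only be the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Conservative choice of this example: the wildcard covers exactly one
        # label and must be followed by at least two fixed labels.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def dns_ids(cert: dict) -> list:
    """Return the DNS-ID entries of subjectAltName from a getpeercert()-style dict."""
    return [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]


def san_only_match(cert: dict, reference: str) -> bool:
    """True only if a DNS-ID SAN matches; the subject commonName is never consulted."""
    return any(_label_match(name, reference) for name in dns_ids(cert))


def cn_fallback_match(cert: dict, reference: str) -> bool:
    """Legacy behaviour: fall back to the subject CN when no DNS-ID SAN is present."""
    if dns_ids(cert):
        return san_only_match(cert, reference)
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    return any(_label_match(cn, reference) for cn in cns)


# Constructed sample certificates in the ssl.getpeercert() dict layout.
CN_ONLY = {"subject": ((("commonName", "mx.example.net"),),)}
WITH_SAN = {"subject": ((("commonName", "legacy.example.net"),),),
            "subjectAltName": (("DNS", "mx.example.net"), ("DNS", "*.mail.example.net"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("CN + SAN", WITH_SAN)):
        for host in ("mx.example.net", "a.mail.example.net", "legacy.example.net"):
            print(label, host, san_only_match(cert, host), cn_fallback_match(cert, host))
```

Running both checks over a gateway's known peers shows which certificates would stop validating once the CN fallback is removed: only those where `cn_fallback_match` is true and `san_only_match` is false.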