Leif Johansson <le...@sunet.se> wrote:
> Salz, Rich wrote:
> > I think it would be much better to rewrite RFC 6125 with all the patches applied, and then have that new document obsolete RFC 6125 instead of updating it.
> >
> > I took another look at 6125 and I am happy to put up a draft if the WG prefers that approach.
>
> That is still a possible outcome of a WG draft - nothing forces us to publish as a separate doc.
Then I think the working group should adopt this and I'll help review it. It actually looks pretty good to me.

The only thing I disagree with is "Servers either MUST NOT issue a CN-ID, or MUST use a form for the Common Name RDN that cannot be mistaken for an identifier" and similar language. It would be better to let people put whatever they want in the CN field of the subject, whether or not it looks like a domain name. As long as conformant clients stop using the CN as a dNSName/iPAddress SAN alternative, then it doesn't matter what's in the CN. Probably some users will need to duplicate what's in the SAN in the subject CN for backward compatibility with nonconformant verifiers.

Cheers,
Brian
--
https://briansmith.org/
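As an added illustration of the point Brian makes (not code from the thread, the draft, or any named implementation), the following Python contrasts a conformant verifier that consults only the SAN dNSName/iPAddress entries with a legacy verifier that falls back to the subject CN. The certificates are constructed sample data modelled as already-parsed identifier sets (the `subject_cn`, `san_dns` and `san_ip` field names are this example's own, not a real library's API), so no DER parsing is needed and it runs offline.

```python
import ipaddress

# Constructed sample certificates, represented as already-parsed identifier sets.
# Field names are assumptions for this example, not a real certificate library's API.
CERT_SAN_ONLY = {
    "subject_cn": "Example Corp Web Server",   # free-form CN that is not a name
    "san_dns": ["example.com", "*.example.com"],
    "san_ip": ["192.0.2.10"],
}
CERT_CN_ONLY = {
    "subject_cn": "legacy.example.net",        # domain-looking CN, no SAN at all
    "san_dns": [],
    "san_ip": [],
}


def dns_id_matches(presented: str, reference: str) -> bool:
    """Compare a presented DNS-ID against a reference identifier in the
    RFC 6125 style: case-insensitive, label-by-label; a wildcard is honoured
    only as the entire left-most label and matches exactly one label, so
    *.example.com matches www.example.com but not example.com or a.b.example.com."""
    p_labels = presented.lower().rstrip(".").split(".")
    r_labels = reference.lower().rstrip(".").split(".")
    if len(p_labels) != len(r_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard so "*.com" is never accepted.
        return len(p_labels) >= 3 and p_labels[1:] == r_labels[1:]
    if any("*" in label for label in p_labels):
        return False  # partial wildcards such as f*.example.com are not accepted
    return p_labels == r_labels


def ip_id_matches(presented: str, reference: str) -> bool:
    """Compare an iPAddress SAN entry with a reference address (textual forms may differ)."""
    try:
        return ipaddress.ip_address(presented) == ipaddress.ip_address(reference)
    except ValueError:
        return False


def verify_conformant(cert: dict, reference: str) -> bool:
    """Conformant check: only SAN dNSName / iPAddress entries are consulted.
    The subject CN is never examined, so its contents are irrelevant."""
    try:
        ipaddress.ip_address(reference)
    except ValueError:
        return any(dns_id_matches(p, reference) for p in cert["san_dns"])
    return any(ip_id_matches(p, reference) for p in cert["san_ip"])


def verify_legacy(cert: dict, reference: str) -> bool:
    """Non-conformant behaviour: fall back to the subject CN when the certificate
    carries no SAN. This is the fallback the thread wants clients to drop, and the
    reason some deployments still duplicate the SAN name into the CN."""
    if cert["san_dns"] or cert["san_ip"]:
        return verify_conformant(cert, reference)
    return dns_id_matches(cert["subject_cn"], reference)


if __name__ == "__main__":
    for ref in ("EXAMPLE.COM", "www.example.com", "a.b.example.com", "192.0.2.10"):
        print(ref, "->", verify_conformant(CERT_SAN_ONLY, ref))
    print("legacy.example.net (conformant) ->", verify_conformant(CERT_CN_ONLY, "legacy.example.net"))
    print("legacy.example.net (legacy)     ->", verify_legacy(CERT_CN_ONLY, "legacy.example.net"))
```

The free-form CN in `CERT_SAN_ONLY` never reaches the matching logic in the conformant path, which is exactly why a server can put anything it likes there once clients no longer treat the CN as a substitute for SAN entries; only `CERT_CN_ONLY` behaves differently between the two verifiers.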
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta