On Monday, 15 March 2021 11:38:04 CET, Henning Krause wrote:
Hi,
As a developer for an email security gateway, I'm all in favor
of validating the SAN instead of the CN on the SMTP level.
And though SMTP mostly uses opportunistic TLS, mandatory use of
TLS is increasing with more people adopting MTA-STS.
Now, the proposed RFC is specifically scoped to TLS
certificates. I think pushing the same thing for SMIME
certificates would also be useful.
Were people putting email addresses into the CN field, where there has been
an email field since "forever"?
I don't think we shoud worry (and thus include that information in the RFC)
about them.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
