On Wed, Mar 17, 2021 at 07:53:25AM +0100, Eliot Lear wrote:
> The alternative view is that we shouldn’t break stuff or write edicts
> we know will be ignored. AR certs are burned into products. They’re
> NEVER going to change, and some code in some contexts needs to expect
> them. That includes, by the way, in all likelihood, the smart meter
> providing your house electricity. Not everything is Apache or a
> browser that you can take an auto-update and simply get away from bad
> code. The world is a complex place.

A better alternative view is that certs issued before a certain date can continue to be validated with the old rules, and certs issued after can be required by RPs to have SANs.

A much better approach to not breaking existing things while still making progress.

Nico
--

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
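
The date-based policy proposed in the reply above, sketched as a relying-party identity check. This is an added example, not code from the thread: `CertView`, `check_identity` and the cutoff date are assumptions, and chain validation is assumed to have already succeeded.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical cutoff for illustration; the thread does not name a date.
SAN_REQUIRED_FROM = datetime(2022, 1, 1, tzinfo=timezone.utc)

@dataclass
class CertView:
    """Fields a relying party has already parsed from a chain-validated cert."""
    not_before: datetime
    subject_cn: str | None = None
    san_dns: list[str] = field(default_factory=list)

def _name_matches(pattern: str, host: str) -> bool:
    # Case-insensitive; '*' is accepted only as the entire leftmost label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_identity(cert: CertView, host: str,
                   cutoff: datetime = SAN_REQUIRED_FROM) -> tuple[bool, str]:
    """Return (ok, reason). notBefore is asserted by the issuer, so the
    cutoff only binds CAs that date their certificates honestly."""
    if cert.san_dns:
        # A SAN, when present, is authoritative: the CN is never consulted.
        ok = any(_name_matches(n, host) for n in cert.san_dns)
        return ok, "san-match" if ok else "san-mismatch"
    if cert.not_before >= cutoff:
        # Issued under the new rules without a SAN: reject, no CN fallback.
        return False, "san-required"
    ok = cert.subject_cn is not None and _name_matches(cert.subject_cn, host)
    return ok, "legacy-cn-match" if ok else "legacy-cn-mismatch"

if __name__ == "__main__":
    # Constructed sample certificates, not taken from any real device.
    old = CertView(datetime(2015, 6, 1, tzinfo=timezone.utc), "meter.example.net")
    new = CertView(datetime(2023, 6, 1, tzinfo=timezone.utc), "meter.example.net")
    for label, cert in (("burned-in", old), ("post-cutoff", new)):
        print(label, check_identity(cert, "meter.example.net"))
```

Logging the `legacy-cn-match` reason gives an operator a count of deployed devices that still depend on the old rules.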