On Fri, Mar 19, 2021 at 05:19:17PM +0100, Eliot Lear wrote: > This is it for me. Apparently you are not going to be convinced that > the world is bigger than the web. This is not about excuses, but the > real world. It is not about lawyering- few of us here, [...]
I think you've convinced yourself that there isn't a better alternative to the one you've suggested, and so you feel justified in writing such an aggressive reply to Hubert (which reads to me as "apparently you are not going to be convinced that you're so very very wrong, have a nice day"). My take is that RPs should be prepared to validate certs issued before a certain date using the old DN rules but require SANs in certs issued after. This covers the extant very-long-lived certs use cases while still making progress. Now, there might be other extant issues, like old RPs that can't be upgraded. There's still room for argument. Nico -- _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
