On Wed, Apr 21, 2021 at 06:50:56PM +0200, Eliot Lear wrote:

> If this is scoped to dnsNames then I’m fine with it going forward as
> is. Other names would be problematic.

It was my expectation/understanding all along that what we're talking about is deprecation of CN-ID fallback when the reference identifier is a DNS-ID.

Ideally, I'd like to see certificates that have only DNS-ID SANs published with an empty subject name. This is already the case when the DNS-ID exceeds the 64 character limit on CommonName, and it would be simply more consistent to just drop the subject name entirely; it serves no purpose in certificates that only carry DNS names.

--
Viktor.