I think the 6125 was explicit about what it covered, and I hope the new version will be more explicit: how to validate server “names” when using PKIX certs and TLS.
Everything else is out of scope. As Viktor said, it’s often local policy. What RFC describes Chrome’s behavior? And why should there be one?
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
