Thanks for your feedback, Ryan and Alexey. I basically did what you suggested.

I share your concerns about the public suffix list. Does the WG have any thoughts? FYI, Ryan wrote this:

* I'm a little sad any time there is a new dependency on the public suffix list, even informative :) I realize the point is to say it's out of scope, and alternative language, such as "wildcard that spans multiple domain administration boundaries" is as clear as mud and reads like a mouthful of marbles. My main concern/consideration is that the whole "wildcards and PSL" is messy (all the more reason to keep it out of scope!), although I worry folks will read this and think "Oh, this is a hint to use the PSL, nudge and wink"

Alexey convinced me ALPN is out of scope, it's more about "how to use TLS in applications" :) not this specific document.

I still would like comments on the last paragraph of the section:

* To accommodate the workaround that was needed before the development of the SNI extension, this specification allows multiple DNS-IDs, SRV-IDs, or URI-IDs in a certificate.

Should that go away now? If so, that will have ripple effects. Perhaps just add that this MAY be the equivalent of multiple names, could enable cross-protocol attacks, and should be avoided unless necessary?

The revised section is at https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/29
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta