Thanks for the feedback, Yaron!

* The DTLS reference should change to DTLS 1.3.

Updated. Fun factoid, RFC6347 (dtls 1.2) is not RFC9147, 1800 apart. (

* See Appendix A of [VERIFY]

Fixed.

* The rules are brief - it's not clear from the text if this is a summary of the totality of the new RFC, or just the changes from the previous version

Hopefully more clear now.

Here's the diff, also available at https://github.com/richsalz/draft-ietf-uta-rfc6125bis/pull/50

diff --git a/draft-ietf-uta-rfc6125bis.md b/draft-ietf-uta-rfc6125bis.md index 1a8fbdd..0c8b011 100644 --- a/draft-ietf-uta-rfc6125bis.md +++ b/draft-ietf-uta-rfc6125bis.md @@ -44,7 +44,7 @@ informative: ALPN: RFC7301 DNS-CASE: RFC4343 DNSSEC: RFC4033 - DTLS: RFC6347 + DTLS: RFC9147 EMAIL-SRV: RFC6186 NAPTR: RFC3403 NTS: RFC8915 @@ -195,9 +195,10 @@ to verify the entire certification path as per {{PKIX}}. The previous version of this specification, {{VERIFY}}, surveyed the then-current practice from many IETF standards and tried to generalize best practices -(see Appendix A {{VERIFY}} for details). +(see Appendix A of {{VERIFY}} for details). + This document takes the lessons learned since then and codifies them. -The rules are brief: +The rules defined here are brief: * Only check DNS domain names via the subjectAlternativeName extension designed for that purpose: dNSName.
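
Review bot: In the first hunk (informative references), the existing DTLS key is retargeted from RFC6347 to RFC9147 and nothing else in the patch touches DTLS, so every {{DTLS}} citation already in the body now points at DTLS 1.3 without its surrounding sentence being revisited. Please confirm that none of those citations relies on wording specific to the 1.2 document; if one does, adjust that sentence in the same change.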
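
Review bot: In the second hunk, the new lead-in "The rules defined here are brief:" still does not say whether the bullet list that follows is the complete rule set of this document or only what changed relative to {{VERIFY}}, which is the ambiguity the review comment raised. Suggest stating that explicitly in the lead-in sentence. The same hunk also adds an empty line after "(see Appendix A of {{VERIFY}} for details)."; confirm that the resulting paragraph break before "This document takes the lessons learned" is intended.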