The list admins might want to be aware that this message was truncated
as follows (at least for me and Rich)...
On 6/24/22 10:04 AM, Yaron Sheffer wrote:
So here's a few comments. Thanks Valery for the reminder!
* The DTLS reference should change to DTLS 1.3.
* See Appendix A of [VERIFY]
* The rules are brief - it's not clear from the text if this is a summary of
the totality of the new RFC, or just the changes from the previosu version
In the archive [1], Yaron's message continued as follows...
###
* No definition is given for "FQDN" even though the name being an FQDN
is a major component of the document's scope. Specifically, are
enterprise hostnames (that are not on the public DNS) in scope? Are
.local names?
* Similarly, it is not clear to me whether certs obtained through DANE
are in or out of scope.
* And the same question for delegated credentials (draft-ietf-tls-subcerts).
* The Common Name RDN... can appear more than once in the subjectName.
I'm probably missing something, but how is this different from multiple
server names appearing in SAN when the certificate protects multiple
services?
* XMPP backward compatibility: does the XmppAddr still need to be
mentioned in -bis?
* the service provider SHOULD request [...] an SRV-ID or URI-ID that
limits the deployment scope of the certificate to only the defined
application service type. This is only somewhat accurate, because an
HTTP client would happily accept the DNS-ID, no matter what other
SRV-IDs are found there.
* Which identifier types a client includes in its list of reference
identifiers, and their priority, is a matter of local policy - given the
situation today, can we have a normative recommendation for clients to
be strict in constructing their reference list? If we don't include such
normative text, we're basically telling people to make the easier choice
and build lenient clients.
###
[1] https://mailarchive.ietf.org/arch/msg/uta/244nOnRZdoOEyp-4ML3YPWOdEvs/
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
