> The problem is that, having done this, can we use the result in SNI?
> The answer is mostly no. That's why there was some push to do something SNI
> compatible, which means it has to look like a dNSName.

And pedantically the answer is it looks like an unqualified DNS name, which is 
not what the SNI is supposed to be, per RFC 6066:
        "HostName" contains the fully qualified DNS hostname of the server, as
        understood by the client.

Now, you can twist the wordsmith away things, given that there are various 
ambiguities such as "as understood by the client" and "TLS MAY treat the 
provided server names as opaque ..." But I think you're really contorting 
things into an indefensible position.  Be honest. The document should say "put 
the EUI64 in the CN part of the Subject DN" which is compliant, and then say 
"the client MAY send the EUI64 in the TLS SNI, even though this violates the 
TLS RFCs."

_______________________________________________
Uta mailing list -- uta@ietf.org
To unsubscribe send an email to uta-le...@ietf.org
