[cabfpub] RFC6125 and Subject Alternative Name Ballot request.
Steve Roylance
steve.roylance at globalsign.com
Wed Oct 17 16:36:14 UTC 2012
Hi Adam,
Brad is right. The current BR 1.1 for subjectAltName contains:-
9.2.1 Subject Alternative Name Extension
Certificate Field: extensions:subjectAltName
Required/Optional: Required
Contents: This extension MUST contain at least one entry. Each entry MUST
be either a dNSName containing the
Fully-Qualified Domain Name or an iPAddress containing the IP address of a
server..
It was reworded that's all.
Steve
On 17/10/2012 15:23, "Adam Langley" <agl at google.com> wrote:
>On Tue, Oct 16, 2012 at 3:32 PM, Steve Roylance
><steve.roylance at globalsign.com> wrote:
>> I've attached an updated v1.1 so people can see where it all fits in
>>and the
>> text itself as a separate file. Word and PDF versions.
>
>"Each subjectAltName entry MUST be a Domain Name or IP Address"
>
>Really? We want to ban all other types of certificates? The Baseline
>states that its scope is "authenticating servers accessible through
>the Internet" but Jabber already specifies the use of SRVNames (RFC
>6125).
>
>(I know that Baseline goes on to say that "IM" is not in scope, but
>either that meant some form of personal IM certificate, or it's
>contradicting itself.)
>
>
>Cheers
>
>AGL
More information about the Public
mailing list