[cabfpub] Draft Ballot - Subject Common and Alternative Names

Peter Bowen pzb at amzn.com
Mon Apr 11 17:27:24 UTC 2016


> On Apr 11, 2016, at 8:21 AM, Gervase Markham <gerv at mozilla.org> wrote:
> 
> On 09/04/16 00:15, Peter Bowen wrote:
>> Whereas SRVNames help improve the security of certificates and have a globally managed namespace, and
> 
> Sorry to be dumb, but what are these? Bing appears to be of no help.

RFC 4985 (http://tools.ietf.org/html/rfc4985) defines SRVName. It is a name in the format _<service>.<fqdn>. RFC 6125 (https://tools.ietf.org/html/rfc6125) discusses how these can be used. The general concept is that a certificate can be valid for a specific protocol via TLS but not all protocols. In my opinion, it has great potential for making on-host demonstration of control validation appropriately scoped. However, we don’t really know if it will be widely used as no one is allowed to issue public certificates with SRVNames.

Thanks,
Peter
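
The protocol scoping described in the message above, as an added example that is not part of the original post: a relying party accepts a certificate for a connection only when one of its SRVName values names both the service and the host. The sample names and the function names `parse_srv_name` and `cert_valid_for` are constructed for illustration, and the sketch assumes exact, case-insensitive matching with no wildcard handling.

```python
import re

# Constructed sample: SRVName values as they might be read out of a
# certificate's subjectAltName otherName entries (RFC 4985).
CERT_SRV_NAMES = ["_imaps.mail.example.com", "_xmpp-client.im.example.com"]

# One DNS-style label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_srv_name(value):
    """Split '_<service>.<fqdn>' into (service, fqdn), both lowercased.

    Raises ValueError for anything that is not in that form.
    """
    if not value.isascii():
        raise ValueError("SRVName is an IA5String, so ASCII only")
    service, sep, fqdn = value.lower().partition(".")
    if not sep or not service.startswith("_"):
        raise ValueError("missing leading _<service> label")
    if not _LABEL.fullmatch(service[1:]):
        raise ValueError("malformed service label")
    labels = fqdn.rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError("malformed domain name")
    return service[1:], ".".join(labels)


def cert_valid_for(srv_names, service, host):
    """True only if some SRVName matches BOTH the service and the host.

    A plain dNSName would cover every protocol on the host; here the
    service label must match too. Malformed entries are skipped, so they
    can never authorize a connection.
    """
    wanted = (service.lower(), host.lower().rstrip("."))
    for raw in srv_names:
        try:
            if parse_srv_name(raw) == wanted:
                return True
        except ValueError:
            continue
    return False
```
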

