[cabf_validation] SRV - Other Names Ballot

Ben Wilson ben.wilson at digicert.com
Fri May 19 13:35:24 MST 2017


Following up on our WG discussion earlier this week, and to keep this
discussion going, here is what was proposed a while ago by Jeremy as a valid
SAN entry.

Amending BR Section 7.1.4.2.1 -

 otherName with SRVName { 1.3.6.1.5.5.7.0.18.8.7 } type-id

The subjectAltName MAY include one or more SRVNames (as defined in RFC4986)
as an otherName entry with the SRVName type-id. The CA MUST verify the name
portion of the entry in accordance with Section 3.2.2.4. SRVName entries
MUST NOT contain Wildcard Domain Names. If a Technically Constrained
Subordinate CA Certificate includes a dNSName constraint but does not have a
technical constraint for SRVNames, the CA MUST NOT issue certificates
containing SRVNames from the Technically Constrained Subordinate CA
Certificate. A Technically Constrained Subordinate CA Certificate that
includes a technical constraint for SRVNames MUST include permitted name
subtrees and MAY include excluded name subtrees.
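
The rules in the proposed text above, written as a pre-issuance check. This is an added example, not part of the original message or of any CA/Browser Forum document; the class and function names are hypothetical, and the subtree comparison (exact service label, domain matched by suffix on label boundaries) is an assumption about how SRVName constraints are matched.

```python
from dataclasses import dataclass, field

@dataclass
class SubCAConstraints:
    """Constructed model of a Technically Constrained Subordinate CA's constraints."""
    has_dns_constraint: bool = False
    srv_permitted: list = field(default_factory=list)  # permitted SRVName subtrees
    srv_excluded: list = field(default_factory=list)   # excluded SRVName subtrees

def split_srv(name):
    """Split '_service.domain' into (service, domain); service is None if absent."""
    name = name.lower().rstrip(".")
    if name.startswith("_"):
        service, _, domain = name.partition(".")
        return service, domain
    return None, name

def subtree_matches(srv_name, subtree):
    """Assumed rule: a service label in the subtree must match exactly; the
    domain part matches itself and any name formed by adding labels on the left."""
    service, domain = split_srv(srv_name)
    c_service, c_domain = split_srv(subtree)
    if c_service is not None and c_service != service:
        return False
    return not c_domain or domain == c_domain or domain.endswith("." + c_domain)

def check_srv_issuance(srv_name, ca):
    """Return the violations of the proposed text; an empty list allows issuance."""
    problems = []
    service, domain = split_srv(srv_name)
    if service is None or len(service) < 2 or not domain:
        problems.append("SRVName is not of the form _service.name")
    if "*" in srv_name:
        problems.append("SRVName contains a wildcard")
    has_srv = bool(ca.srv_permitted or ca.srv_excluded)
    if ca.has_dns_constraint and not has_srv:
        problems.append("sub-CA has a dNSName constraint but no SRVName constraint")
    if has_srv:
        if not ca.srv_permitted:
            problems.append("SRVName constraint lacks permitted subtrees")
        elif not any(subtree_matches(srv_name, s) for s in ca.srv_permitted):
            problems.append("SRVName is outside the permitted subtrees")
        if any(subtree_matches(srv_name, s) for s in ca.srv_excluded):
            problems.append("SRVName is inside an excluded subtree")
    return problems
```
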
