It seems that there is general requirement for URI matching. URIs are not only used in subjectAltName, but are used in X.500 in general, i.e., for RFID support. Defining uniformResourceIdentifier as just an IA5String may also be a simplification.
Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: [email protected] Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ -----Oprindelig meddelelse----- Fra: [email protected] [mailto:[email protected]] På vegne af Scott Cantor Sendt: 1. april 2010 01:47 Til: [email protected] Emne: [Spam] Re: [certid] URI match >> So, without defining further constraints an URI in subjAltnames is >> rather useless, isn't it? > > No, because we're trying to be inclusive regarding SANs at this point, > and SIP certificates (as one example) prefer uniformResourceIdentifier. > > However, I will work to clean this up some more in -04. Somewhat paraphrasing a question that I think was asked at the app area open meeting last week, is it the intention to encourage new protocols/services that adopt/reference this proposal to favor matching based on URIs where possible or appropriate? That's something I'm in favor of, and I think worrying about what users think they're connecting to is really beside the point; users don't get this stuff. Our software is supposed to do the right things for them so that they don't have to. -- Scott _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
