> It seems that there is general requirement for URI matching. URIs are not > only used in subjectAltName, but are used in X.500 in general, i.e., for > RFID support. Defining uniformResourceIdentifier as just an IA5String may > also be a simplification.
However, matching on URI makes a lot more sense as a certificate constraint if you also stop at that point rather than continuing to DNS or CN-based matching. If you just keep going, it's not worth much. I think it's very sensible to use URIs only but if that's not consistent with the intent of the draft, it's probably a simplification to just advise against it or leave it out. -- Scott _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
