On Thu, Apr 01, 2010 at 11:53:14AM -0600, Peter Saint-Andre wrote:
>
> > Another way around this is to use URI/SRVName, but also have a
> > dNSName that includes an "application specific server name" which
> > might need to be locally configured in the client. See:
> >
> > http://www.ietf.org/mail-archive/web/apps-discuss/current/msg00935.html
>
> Shumon, including SRV query names in dNSName seems novel to me. Is that
> specified or recommended anywhere? Why not use SRVName instead and leave
> dNSName as a pure domain name?
>
> Peter

Yup, that is novel, and needs more discussion, so I agree with you.
So the first example I proposed in that note is what I would deploy:

    dNSName mail.example.com
    otherName SRVName _imap.example.org

I wouldn't put "example.com" in dNSName, because then it wouldn't
constrain that certificate to only the IMAP service. Although I
fully expect some sites wouldn't care.

--Shumon.
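
An added illustration of the naming choice discussed above (not code from the thread or from any participant): a simplified client-side matcher that builds its reference identities from the source domain and the service, then compares them with the names a certificate presents. The function names and the second certificate are constructed for the example, and example.org is assumed to be the source domain; wildcards and chain validation are left out.

```python
# Added example: simplified reference-identity matching, not a full validator.
# Assumption: the client derives its reference identities from the domain the
# user asked for (the source domain), never from an unauthenticated SRV target.

def parse_srv_name(value):
    """Split an SRVName of the form _service.name into (service, name)."""
    label, sep, name = value.partition(".")
    if not (label.startswith("_") and len(label) > 1 and sep and name):
        raise ValueError("not an SRVName: %r" % value)
    return label[1:].lower(), name.rstrip(".").lower()

def reference_ids(service, source_domain, configured_host=None):
    """Identities this client is willing to accept for one connection."""
    domain = source_domain.rstrip(".").lower()
    refs = {("SRVName", (service.lower(), domain)), ("dNSName", domain)}
    if configured_host:  # locally configured server name, if any
        refs.add(("dNSName", configured_host.rstrip(".").lower()))
    return refs

def cert_matches(presented, service, source_domain, configured_host=None):
    """Return the type of the first presented identity that matches, else None."""
    refs = reference_ids(service, source_domain, configured_host)
    for id_type, value in presented:
        if id_type == "SRVName":
            key = (id_type, parse_srv_name(value))
        elif id_type == "dNSName":
            key = (id_type, value.rstrip(".").lower())
        else:
            continue  # other name forms are out of scope here
        if key in refs:
            return id_type
    return None

# The two name entries from the message above.
SCOPED = [("dNSName", "mail.example.com"), ("SRVName", "_imap.example.org")]
# Constructed contrast: the bare source domain in dNSName instead.
BROAD = [("dNSName", "example.org"), ("SRVName", "_imap.example.org")]

if __name__ == "__main__":
    for svc in ("imap", "pop3"):
        print(svc, cert_matches(SCOPED, svc, "example.org"),
              cert_matches(BROAD, svc, "example.org"))
```

With the first set of names only an IMAP client for the source domain finds a match; with the bare domain in dNSName, a client for any service at that domain does.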