Version -05 of draft-saintandre-tls-server-id-check has some warning text about Domain Components (DCs). However, the more I delve into the matter the less I think that we need to warn people away from using DCs from a security perspective. The problem with them would arise from confusion about the order of DCs based on the string representation; however, that kind of confusion is possible for any RDNs and is not limited to DCs (so follow the DER order, not the string order). There might be other reasons to discourage DCs, but so far I have not heard them, so I'm inclined to remove the warnings from -06.

Do speak up if you're concerned about this proposal.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
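The "follow the DER order, not the string order" point from the message above, as an added example that is not part of the original message or of the draft: the same Name rendered in two string conventions, and a domain derived from the DCs in encoded order. The helper names are hypothetical, the Name is constructed, and the parser handles only short-form lengths and single-valued RDNs.

```python
# Added example: constructed data, hypothetical helper names, stdlib only.
DC_OID = bytes.fromhex("0992268993f22c640119")  # 0.9.2342.19200300.100.1.25
CN_OID = bytes.fromhex("550403")                # 2.5.4.3
SHORT = {DC_OID: "DC", CN_OID: "CN"}

def tlv(tag, body):
    assert len(body) < 128                      # short-form lengths only
    return bytes([tag, len(body)]) + body

def rdn(oid, value, str_tag):
    # One single-valued RDN: SET { SEQUENCE { OID, string } }
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(str_tag, value.encode("ascii"))))

def read_tlv(buf, pos, want=None):
    if (pos + 2 > len(buf) or (want is not None and buf[pos] != want)
            or buf[pos + 1] & 0x80):
        raise ValueError("unexpected tag, long-form length, or truncation")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos + 2:end], end

def parse_name(der):
    """Return [(type, value), ...] in DER order, the order to trust."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after Name")
    out, pos = [], 0
    while pos < len(body):
        rdn_set, pos = read_tlv(body, pos, 0x31)
        atv, used = read_tlv(rdn_set, 0, 0x30)
        if used != len(rdn_set):
            raise ValueError("multi-valued RDN not handled here")
        oid, p = read_tlv(atv, 0, 0x06)
        value, _ = read_tlv(atv, p)             # string tag varies (IA5, UTF8, ...)
        out.append((SHORT.get(oid, oid.hex()), value.decode("ascii")))
    return out

def rfc4514(rdns):            # LDAP string form lists the last RDN first
    return ",".join(f"{t}={v}" for t, v in reversed(rdns))
def encoded_order(rdns):      # display form that follows the encoding
    return ",".join(f"{t}={v}" for t, v in rdns)
def dc_domain(rdns):          # RFC 2247 mapping: DER order runs com -> example
    return ".".join(v for t, v in reversed(rdns) if t == "DC")
def naive_domain(dn_string):  # guesses from the string alone: order-dependent
    parts = [p.split("=", 1) for p in dn_string.split(",")]
    return ".".join(v for t, v in parts if t == "DC")

NAME_DER = tlv(0x30, rdn(DC_OID, "com", 0x16) + rdn(DC_OID, "example", 0x16)
               + rdn(CN_OID, "www", 0x0C))       # constructed sample Name
```

`naive_domain` returns a different domain for each of the two renderings of the same Name, while `dc_domain` works from the parsed RDN sequence and is unaffected by display convention.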
