Hi Paul,
Paul Hoffman wrote:
> 1. The certificate MUST include a "DNS-ID" (i.e., a subjectAltName
>    identifier of type dNSName).
> 2. If the service using the certificate deploys a technology in
>    which a server is discovered by means of DNS SRV records
>    [DNS-SRV] (e.g., this is true of [XMPP]), then the certificate
>    SHOULD include an "SRV-ID" (i.e., an instance of the SRVName form
>    of otherName from the GeneralName structure in the subjectAltName
>    as specified in [SRVNAME]).
>
> If 2 is true, what is the value of the required DNS-ID?

One or more hostnames for machines that would provide the specified
service. I.e. most likely some/all hostnames from the output of a DNS SRV
lookup, but I can think of some examples where other hostnames can be
used in addition to or instead of these. E.g. a machine on an internal
network, the hostname of a NAT box, etc.
_______________________________________________
certid mailing list
https://www.ietf.org/mailman/listinfo/certid
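
Added example (not part of the original message or of the draft under discussion): a Python check of the two quoted rules against a certificate's subjectAltName entries, comparing the DNS-IDs with the SRV lookup output as the reply describes. The function names, the tuple representation of SAN entries, and every hostname below are assumptions constructed for illustration.

```python
# Added illustration; all names and hostnames are constructed sample values.

def norm(name):
    """DNS names compare case-insensitively; SRV targets may carry a root dot."""
    return name.rstrip(".").lower()

def check_san(san, service, domain, srv_targets):
    """san: list of (type, value), type "DNS" (dNSName) or "SRV" (SRVName).
    srv_targets: hostnames returned by the SRV lookup for the service.
    Returns findings for the two rules quoted in the thread."""
    dns_ids = {norm(v) for t, v in san if t == "DNS"}
    srv_ids = {norm(v) for t, v in san if t == "SRV"}
    targets = {norm(t) for t in srv_targets}
    # SRVName has the form _Service.Name (no protocol label).
    expected_srv = norm("_%s.%s" % (service, domain))
    return {
        "rule1_dns_id_present": bool(dns_ids),            # MUST
        "rule2_srv_id_present": expected_srv in srv_ids,  # SHOULD when SRV is used
        # SRV targets the certificate names as DNS-IDs, and those it does not.
        "targets_covered": sorted(targets & dns_ids),
        "targets_missing": sorted(targets - dns_ids),
        # DNS-IDs outside the SRV output are reported, not rejected: the reply
        # notes they may be legitimate (internal machine, NAT box hostname).
        "extra_dns_ids": sorted(dns_ids - targets),
    }

# Constructed sample: SRV lookup output for _xmpp-client._tcp.example.com
SAMPLE_SRV_TARGETS = ["xmpp1.example.net.", "xmpp2.example.net."]
# Constructed sample: SAN entries of the certificate under review
SAMPLE_SAN = [
    ("DNS", "XMPP1.example.net"),
    ("DNS", "gw.example.net"),
    ("SRV", "_xmpp-client.example.com"),
]

if __name__ == "__main__":
    report = check_san(SAMPLE_SAN, "xmpp-client", "example.com",
                       SAMPLE_SRV_TARGETS)
    for key, value in report.items():
        print(key, value)
```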