At 1:53 PM -0600 6/30/10, Peter Saint-Andre wrote:
>Upon further reflection, I think there are two dimensions here:
>
>1. From the client's perspective, some names are direct (provided by the
>user = DNS-ID, CN-ID, URI-ID) and some names are indirect (resolved by
>the client based on the input provided by the user = SRV-ID). This
>dimension matters for verification.
>
>2. From the service provider's perspective, some names are unrestricted
>(can be used in any application = DNS-ID and CN-ID) and some names are
>unrestricted (can be used in only one kind of application = SRV-ID and
>URI-ID). This dimension matters for issuance.

That should be "...and some names are restricted (can be used in only...". But, yes, this is a good distinction.

>I'll work to formulate this distinction more carefully in text that can
>be included in the spec.

That would help implementers (and hopefully CAs) a lot.

--Paul Hoffman, Director
--VPN Consortium
