On Wed, Jun 30, 2010 at 05:51:58PM +0200, Martin Rex wrote: > > While CN-ID and DNS-ID have exactly the same scope (hostname) > SRV-ID and URI-ID have a more restrictive scope. Does a combination > make sense? Or do we expect that to happen only during migration > from a currently used CN-ID or DNS-ID to a SRV-ID or URI-ID? > Keep in mind that "flag days" where the _entire_ installed base is taken down, > changed/updated and put back up, are difficult and rare in practice.
My take is the combination makes sense primarily for migration periods (which might be long in some cases). > Should CN-ID or DNS-ID be entirely ignored when SRV-ID or URI-ID is > found and understood/used by a client for server endpoint identification? > in the sense that SRV-ID and URI-ID supersede CN-ID or DNS-ID for the > clients which understand them? Yes, I think so. I think the draft already specifies a preference order putting SRV-ID and URI-ID ahead of the DNS-ID/CN-ID. --Shumon. _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
