Peter Saint-Andre wrote:
>
> >
> > I did issue server certs for wildcard substring matching when I
> > implemented rfc-2818, though -- and I consider it likely that other
> > implementors did this as well.
>
> That's nice, but not directly relevant to the current discussion because
> the I-D that Jeff and I have worked on does not override, supersede, or
> obsolete RFC 2818 or any other prior art about matching rules for
> application server identity.

I strongly disagree.  The -09 wording:

   The client MUST fail to match a presented identifier in which the
   wildcard character is contained within a label fragment (e.g.,
   baz*.example.net is not allowed and MUST NOT be taken to match
   baz1.example.net and baz2.example.net)

attempts to invalidate rfc-2818 through the use of "MUST NOT".

http://www.ietf.org/mail-archive/web/certid/current/msg00458.html

-Martin
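
The two matching rules discussed in this message, side by side, as an added example that is not part of the original message or of either document. The function names are hypothetical; the handling of a whole-label "*" and of an empty fragment are assumptions of this sketch, and f*.com is the fragment example given in RFC 2818 section 3.1.

```python
import re

def _label_matches(pattern_label: str, label: str) -> bool:
    """Match one DNS label; '*' stands for a run of characters inside the label.
    Assumption of this sketch: the run may be empty."""
    regex = ".*".join(re.escape(part) for part in pattern_label.split("*"))
    return re.fullmatch(regex, label) is not None

def match_rfc2818(pattern: str, hostname: str) -> bool:
    """RFC 2818 style: '*' matches a single component or a component fragment."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    return all(h and _label_matches(p, h) for p, h in zip(p_labels, h_labels))

def has_fragment_wildcard(pattern: str) -> bool:
    """True when some label mixes '*' with other characters (e.g. 'baz*')."""
    return any("*" in label and label != "*" for label in pattern.split("."))

def match_draft09(pattern: str, hostname: str) -> bool:
    """The -09 wording quoted above: a wildcard inside a label fragment MUST fail.
    Assumption: a whole-label '*' is still matched as in match_rfc2818."""
    if has_fragment_wildcard(pattern):
        return False
    return match_rfc2818(pattern, hostname)

def divergences(patterns, hostnames):
    """(pattern, hostname) pairs accepted by the RFC 2818 rule but rejected by
    the quoted -09 rule: certificates that would stop validating."""
    return [(p, h) for p in patterns for h in hostnames
            if match_rfc2818(p, h) and not match_draft09(p, h)]

# Constructed sample data; the baz* names are the ones quoted in the message.
PATTERNS = ["baz*.example.net", "*.example.net", "f*.com"]
HOSTNAMES = ["baz1.example.net", "baz2.example.net", "www.example.net",
             "a.b.example.net", "foo.com", "bar.com"]

if __name__ == "__main__":
    for pattern, host in divergences(PATTERNS, HOSTNAMES):
        print(f"{pattern!r} matches {host!r} under RFC 2818 only")
```

Running divergences() over the subject names of already-issued certificates shows which ones a client applying the -09 rule would reject.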
