On 3/30/11 11:45 PM, Matt McCutchen wrote:
> On Wed, 2011-03-30 at 23:00 +0200, Peter Saint-Andre wrote:
>> I think that this is a matter of local policy -- a client could prefer
>> SRV-IDs yet still accept DNS-IDs, and as far as I can see that behavior
>> is not expressly forbidden by the spec.
>
> "Prefer" is vague. Specifically, I would like the client to accept a
> DNS-ID if and only if the certificate contains no SRV-IDs. How is this
> accommodated within the framework of the spec? Clearly the reference
> identifier must contain a DNS-ID.

Ah, I see the confusion. MUST has been changed to SHOULD in order to be consistent with what I have called the inclusion approach. If we were to change over to the conditional approach, we could have left DNS-ID as MUST, but as I said in my previous message that would have required very significant changes to the spec during AUTH48.

If you'd like I can post the full list of changes, but it is midnight here in Prague and I have a lot of preparation to do for tomorrow's working group sessions, so I simply don't have time right now.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
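
Added example, not part of the thread or of the spec text: a sketch of the two client policies discussed above, "prefer SRV-IDs yet still accept DNS-IDs" and "accept a DNS-ID if and only if the certificate contains no SRV-IDs", showing where they differ. The `Cert` class, the function names, the `_service.domain` string form for SRV-IDs, the exact-match comparison (no wildcards) and the sample certificates are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:
    """Constructed stand-in for a presented certificate's subjectAltName entries."""
    dns_ids: list = field(default_factory=list)  # dNSName values
    srv_ids: list = field(default_factory=list)  # SRVName values, "_service.domain"

def _norm(name):
    # Case-insensitive comparison, ignoring a trailing root dot.
    return name.rstrip(".").lower()

def _has(names, wanted):
    return any(_norm(n) == _norm(wanted) for n in names)

def accept_either(cert, service, domain):
    """Prefer a matching SRV-ID, but still fall back to a matching DNS-ID."""
    if _has(cert.srv_ids, f"_{service}.{domain}"):
        return "srv-id"
    if _has(cert.dns_ids, domain):
        return "dns-id"
    return None

def dns_only_without_srv(cert, service, domain):
    """Accept a DNS-ID if and only if the certificate contains no SRV-IDs."""
    if cert.srv_ids:
        # The certificate is scoped to named services: only an SRV-ID may match.
        return "srv-id" if _has(cert.srv_ids, f"_{service}.{domain}") else None
    return "dns-id" if _has(cert.dns_ids, domain) else None

# Constructed sample certificates for example.com.
LEGACY = Cert(dns_ids=["example.com"])
XMPP = Cert(dns_ids=["example.com"], srv_ids=["_xmpp-client.example.com"])
IMAP_ONLY = Cert(dns_ids=["example.com"], srv_ids=["_imap.example.com"])

def compare(service="xmpp-client", domain="example.com"):
    """Return {cert name: (accept_either result, dns_only_without_srv result)}."""
    certs = {"legacy": LEGACY, "xmpp": XMPP, "imap_only": IMAP_ONLY}
    return {name: (accept_either(c, service, domain),
                   dns_only_without_srv(c, service, domain))
            for name, c in certs.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The policies disagree only on `IMAP_ONLY`: an XMPP client using the fallback policy accepts it through the DNS-ID, while the stricter policy rejects it because the certificate carries SRV-IDs and none names the requested service.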
