On Wed, 2011-03-30 at 23:51 +0200, Peter Saint-Andre wrote:
> On 3/30/11 11:45 PM, Matt McCutchen wrote:
> > On Wed, 2011-03-30 at 23:00 +0200, Peter Saint-Andre wrote:
> >> I think that this is a matter of local policy -- a client could prefer
> >> SRV-IDs yet still accept DNS-IDs, and as far as I can see that behavior
> >> is not expressly forbidden by the spec.
> >
> > "Prefer" is vague. Specifically, I would like the client to accept a
> > DNS-ID if and only if the certificate contains no SRV-IDs. How is this
> > accommodated within the framework of the spec? Clearly the reference
> > identifier must contain a DNS-ID.
>
> Ah, I see the confusion. MUST has been changed to SHOULD in order to be
> consistent with what I have called the inclusion approach.

I'm not referring to the change in the document. I meant that the goal
of accepting a DNS-ID in the case that the certificate contains no
SRV-IDs is impossible to achieve unless the (fixed) list of reference
identifiers contains a DNS-ID. With that clarification, consider my
message.

--
Matt
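
Added example, not part of the original message or of the draft: a sketch contrasting a plain inclusion check with the "accept a DNS-ID if and only if the certificate contains no SRV-IDs" policy discussed in this thread. The function names, the exact-match comparison (no wildcards), and the example.com identifiers are assumptions constructed for illustration.

```python
from typing import List, NamedTuple


class Identifier(NamedTuple):
    kind: str   # "SRV-ID" or "DNS-ID"
    value: str  # e.g. "_xmpp-client.example.com" or "example.com"


def _same(a: Identifier, b: Identifier) -> bool:
    # Simplified comparison: same type, case-insensitive exact match.
    return a.kind == b.kind and a.value.lower() == b.value.lower()


def inclusion_match(presented: List[Identifier],
                    reference: List[Identifier]) -> bool:
    """Accept if any presented identifier equals any reference identifier."""
    return any(_same(p, r) for p in presented for r in reference)


def srv_first_match(presented: List[Identifier],
                    reference: List[Identifier]) -> bool:
    """Accept a DNS-ID only when the certificate carries no SRV-IDs at all."""
    if any(p.kind == "SRV-ID" for p in presented):
        # The certificate is service-scoped: only SRV-ID references count.
        allowed = [r for r in reference if r.kind == "SRV-ID"]
    else:
        allowed = reference
    return inclusion_match(presented, allowed)


# Constructed sample data: a client connecting to the XMPP service.
REFERENCE = [Identifier("SRV-ID", "_xmpp-client.example.com"),
             Identifier("DNS-ID", "example.com")]
SRV_ONLY_REFERENCE = [Identifier("SRV-ID", "_xmpp-client.example.com")]

CERT_LEGACY = [Identifier("DNS-ID", "example.com")]
CERT_IMAP = [Identifier("SRV-ID", "_imap.example.com"),
             Identifier("DNS-ID", "example.com")]
CERT_XMPP = [Identifier("SRV-ID", "_xmpp-client.example.com"),
             Identifier("DNS-ID", "example.com")]

if __name__ == "__main__":
    for name, cert in [("legacy", CERT_LEGACY), ("imap", CERT_IMAP),
                       ("xmpp", CERT_XMPP)]:
        print(name, inclusion_match(cert, REFERENCE),
              srv_first_match(cert, REFERENCE))
```

The certificate scoped to a different service passes the inclusion check through its DNS-ID but fails the stricter policy, and a DNS-ID-only certificate can pass only when the reference list itself contains a DNS-ID.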
