On Fri, Jan 17, 2020 at 07:40:43AM -0800, Alexey Melnikov via Datatracker wrote:
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-intarea-provisioning-domains-10: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> This is a well written document, but I have a small set of issues I would like
> to discuss:
>
> 4.4. Detecting misconfiguration and misuse
>
>    When a host retrieves the PvD Additional Information, it MUST verify
>    that the TLS server certificate is valid for the performed request
>    (e.g., that the Subject Alternative Name is equal to the PvD ID
>    expressed as an FQDN).
>
> The last sentence is not right: you should say “one of Subject Alternative
> Names is equal to ...” because a server certificate can have multiple Subject
> Alternative Names.

Is there a reason to not use the DNS-ID terminology of RFC 6125?

-Ben
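
Added example, not part of the thread or of the draft: a sketch of the check under discussion, treating the PvD ID as a DNS-ID reference identifier and comparing it against every dNSName entry instead of a single one. The certificate dict is constructed in the shape Python's ssl getpeercert() returns; the host names, the wildcard policy and the absence of a CN fallback are assumptions of this example, and chain validation is left to the TLS library.

```python
# Added example: match a PvD ID against every dNSName SAN entry (DNS-ID style).
# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.example.org"),
        ("DNS", "pvd.example.org"),
        ("DNS", "*.cdn.example.net"),
        ("IP Address", "192.0.2.10"),
    )
}


def _labels(name):
    """Lower-case an ASCII (A-label) DNS name and split it into labels."""
    return name.rstrip(".").lower().split(".")


def dns_id_matches(reference, presented):
    """Compare one presented dNSName with the reference identifier."""
    ref, pres = _labels(reference), _labels(presented)
    if len(ref) != len(pres) or "" in ref or "" in pres:
        return False
    if any("*" in label for label in ref):
        return False  # a reference identifier is never a pattern
    if pres[0] == "*":
        # Policy of this example: the wildcard must be the whole left-most
        # label, stand for exactly one label, and sit above >= 2 labels.
        return len(pres) >= 3 and pres[1:] == ref[1:]
    return pres == ref


def pvd_id_in_certificate(pvd_id, cert):
    """True if any dNSName entry matches the PvD ID; no CN fallback."""
    dns_ids = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_id_matches(pvd_id, san) for san in dns_ids)


def first_san_only(pvd_id, cert):
    """Literal 'the Subject Alternative Name' reading: checks one entry."""
    sans = cert.get("subjectAltName", ())
    return bool(sans) and dns_id_matches(pvd_id, sans[0][1])


if __name__ == "__main__":
    for name in ("pvd.example.org", "a.cdn.example.net", "x.y.cdn.example.net"):
        print(name, pvd_id_in_certificate(name, SAMPLE_CERT),
              first_san_only(name, SAMPLE_CERT))
```

The first_san_only function is there only as a contrast: it rejects a certificate that is valid for the PvD ID whenever the matching name is not the first entry.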
