On 21/03/16 11:49, Rob Stradling wrote:
> What would be the downside of saying that subject:commonName, if
> included in the cert, MUST contain either the A-label form or U-label
> form of one of the SAN:dNSName values?

Converting using IDNA2003 or IDNA2008? :-))

In a data structure designed for computer consumption, why would you not want to write the computer-readable, as opposed to human-readable, version of the label?

My security spider-sense tells me that allowing multiple "equivalent" forms of a name in a security context, rather than requiring a single canonical form, is a good way of getting nasty bugs.

Gerv
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
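
The IDNA2003-versus-IDNA2008 question raised in this message, as an added Python example (not code from the thread or from any CA/Browser Forum document): one U-label commonName converts to two different A-labels depending on the conversion chosen, so a CN-versus-SAN check gives different verdicts, while an A-label-only rule gives one. The function names and the sample names `faß.de`, `fass.de` and `xn--fa-hia.de` are constructed for illustration, and the IDNA2008 helper is a simplification that only Punycode-encodes labels without IDNA2008 validation.

```python
# Added illustration; function names are hypothetical, sample names constructed.

def to_alabel_idna2003(name):
    """IDNA2003 ToASCII via the stdlib 'idna' codec (nameprep maps sharp s to 'ss')."""
    return name.encode("idna").decode("ascii").lower()


def to_alabel_idna2008_unmapped(name):
    """Assumption: stands in for IDNA2008 on already-valid lowercase U-labels by
    Punycode-encoding each non-ASCII label with no character mapping. It does
    not apply the IDNA2008 validity rules (bidi, contextual, disallowed)."""
    labels = []
    for label in name.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def cn_matches_san(cn, san_dnsnames, convert=None):
    """True if the CN equals one SAN dNSName.

    convert=None enforces a single canonical form: the CN must already be an
    ASCII A-label. Otherwise a U-label CN is first converted with `convert`."""
    sans = {s.lower() for s in san_dnsnames}
    if convert is None:
        return cn.isascii() and cn.lower() in sans
    return convert(cn) in sans


def verdicts(cn, san_dnsnames):
    """Verdict of the CN/SAN check under each policy, for side-by-side review."""
    return {
        "idna2003": cn_matches_san(cn, san_dnsnames, to_alabel_idna2003),
        "idna2008": cn_matches_san(cn, san_dnsnames, to_alabel_idna2008_unmapped),
        "a_label_only": cn_matches_san(cn, san_dnsnames),
    }


U_LABEL_CN = "fa\u00df.de"  # constructed sample: the U-label CN "fa(sharp s).de"

if __name__ == "__main__":
    for san in (["fass.de"], ["xn--fa-hia.de"]):
        print(san, verdicts(U_LABEL_CN, san))
    print(verdicts("xn--fa-hia.de", ["xn--fa-hia.de"]))
```

With the U-label CN, the two conversions disagree about which SAN it matches; with the A-label CN, all three policies agree.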
