> On Apr 11, 2016, at 8:21 AM, Gervase Markham <[email protected]> wrote: > > On 09/04/16 00:15, Peter Bowen wrote: >> Whereas SRVNames help improve the security of certificates and have a >> globally managed namespace, and > > Sorry to be dumb, but what are these? Bing appears to be of no help.
RFC 4985 (http://tools.ietf.org/html/rfc4985) defines SRVName. It is a name in the format _<service>.<fqdn>. RFC 6125 (https://tools.ietf.org/html/rfc6125) discusses how these can be used. The general concept is that a certificate can be valid for a specific protocol via TLS but not all protocols. In my opinion, it has great potential for making on-host demonstration of control validation appropriately scoped. However we don’t really know if it will be widely used as no one is allowed to issue public certificates with SRVNames. Thanks, Peter _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
