On 2017-11-14 10:27, Brian Campbell wrote:
> The expectation/assumption is that the SubjectDN would be a stable
> identifier through re-issuance of certificates, regardless of whether
> they be short or long term. We've had basically this as a product
> feature for years and use of the SubjectDN as the identifier hasn't
> been an issue. And it's not
So I reviewed the security considerations text which basically says
that the server can avoid being spoofed by managing its set of trust
anchors. The text is better than nothing.
However this led me to ask another question about the use of
SubjectDN as an identifier for the subject in client met