On Mar 26, 2008, at 3:33 PM, Paul Hoffman wrote: > At 11:48 AM -0700 3/26/08, Eric Rescorla wrote: >> At Wed, 26 Mar 2008 10:16:08 -0700, >> Paul Hoffman wrote: >>> >>> Greetings. Robert Sparks mentioned to me that this document is in WG >>> Last Call. I am familiar with PKIX and make these comments based on >> ...snip... >>> subjectAltName. Because of this, I suggest taking out this option >>> everywhere in the document; you'll get much better interoperability >>> if you do. >> >> So, I have no brief for one design or the other, but I think >> we can agree that it's imperative that this work with certs >> from commodity CAs. Has someone published a survey of which >> CAs will give you SAN? > > From what I have heard, all of them will, and all of them that don't > ask "CN or SAN" give them in SAN. I could be wrong, of course. I'll > ask on the PKIX list, and will report back.
OpenSSL can generate SAN. None of my certs have it . Oddly enough, the SAN settings appear to go into the master config file and affect every CSR generated. So you have to reconfigure the software for each CSR generated. Yuck. -- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
