I presented this at SECDISPATCH, which said “get thee to UTA.”
The draft is short, five pages, and updates RFC 6125 as described below. 6125
was AD sponsored.
The draft below addresses some feedback given during the SECDISPATCH session.
Name: draft-rsalz-use-san
Revision: 01
Title: Update to Verifying TLS Server Identities with
X.509 Certificates
Document date: 2021-03-13
Group: Individual Submission
Pages: 5
URL: https://www.ietf.org/archive/id/draft-rsalz-use-san-01.txt
Status: https://datatracker.ietf.org/doc/draft-rsalz-use-san/
Html: https://www.ietf.org/archive/id/draft-rsalz-use-san-01.html
Htmlized: https://tools.ietf.org/html/draft-rsalz-use-san-01
Diff: https://www.ietf.org/rfcdiff?url2=draft-rsalz-use-san-01
Abstract:
In the decade since [RFC6125] was published, the
subjectAlternativeName extension (SAN), as defined in [RFC5280] has
become ubiquitous. This document updates [RFC6125] to specify that
the fall-back techniques of using the commonName attribute to
identify the service must not be used. This document also places
some limitations on the use of wildcards in SAN fields.
The original context of [RFC6125], using X.509 certificates for
server identity with Transport Layer Security (TLS), is not changed.
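The effect of dropping the commonName fall-back that the abstract describes, as an added example that is not part of the original message or of the draft. The certificates are constructed samples in the dict layout returned by Python's ssl.SSLSocket.getpeercert(); the function names are hypothetical, and the wildcard rule (whole leftmost label only, at least two fixed labels after it) is an assumption, since the message does not say which wildcard limits the draft sets.

```python
# Added example: SAN-only server identity check versus legacy CN fall-back.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one presented DNS name with the reference hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumed wildcard limit: "*" is the complete leftmost label,
        # appears nowhere else, and has >= 2 fixed labels to its right.
        return len(p) >= 3 and "*" not in ".".join(p[1:]) and p[1:] == h[1:]
    # Partial-label or non-leftmost wildcards never match.
    return "*" not in pattern and p == h

def san_dns_names(cert: dict) -> list:
    return [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]

def common_names(cert: dict) -> list:
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def verify_san_only(cert: dict, host: str) -> bool:
    """Identity comes from SAN dNSName entries only; CN is ignored."""
    return any(_name_match(n, host) for n in san_dns_names(cert))

def verify_with_cn_fallback(cert: dict, host: str) -> bool:
    """Legacy behaviour, simplified: fall back to CN when no DNS SAN exists."""
    names = san_dns_names(cert) or common_names(cert)
    return any(_name_match(n, host) for n in names)

# Constructed sample certificates (not taken from any real server).
CERT_CN_ONLY = {"subject": ((("commonName", "www.example.com"),),)}
CERT_SAN = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"),
                       ("DNS", "*.api.example.com")),
}

if __name__ == "__main__":
    for cert, host in [(CERT_CN_ONLY, "www.example.com"),
                       (CERT_SAN, "v1.api.example.com"),
                       (CERT_SAN, "a.b.api.example.com")]:
        print(host, verify_san_only(cert, host),
              verify_with_cn_fallback(cert, host))
```

A certificate that carries its name only in commonName is accepted by the legacy path and rejected by the SAN-only path, which is the case clients and certificate inventories need to check before the fall-back is removed.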