On 2015-12-15 15:55, Phillip Hallam-Baker wrote: > On Tue, Dec 15, 2015 at 9:39 AM, Salz, Rich <[email protected]> wrote: > >> >>> There's SRVName from https://tools.ietf.org/html/rfc4985 which in theory >>> already can be applied to https already. SRVNames are used in the XMPP >>> world a lot, maybe other places as well. >> >> But you can't put a SRVName in a certificate SAN field, can you? > > > Actually you can. The SRV label is simply a DNS name. That is arguably the > only way that you can legitimately create service specific certs in the > WebPKI.
Almost, but SRVname has its own OID, so it's not the same as a DNSName. But they live among the other SAN fields. -- Kim "Zash" Alvefur
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
