> Agreed, but that doesn't mean the ACME server has to check for such a SAN.

Agreed.

> So I say keep the client-side part of the spec the same, but change item
> three of the server-side part to say:
>
> "Verify that the certificate contains a subjectAltName extension containing a
> dNSName entry of SAN B. The comparison MUST be insensitive to case and
> ordering of names."

In other words, follow the rules of subjectAltName per the RFC. So perhaps strike the last sentence.
