Hi Michael,

On Tue, Jul 16, 2019, at 6:12 PM, Michael Richardson wrote:
> Alexey Melnikov via Datatracker <nore...@ietf.org> wrote:
> > 1) In Section 5:
> >
> > o In the language of [RFC6125] this provides for a SERIALNUM-ID
> > category of identifier that can be included in a certificate and
> > therefore that can also be used for matching purposes. The
> > SERIALNUM-ID whitelist is collated according to manufacturer trust
> > anchor since serial numbers are not globally unique.
> >
> > I think now you are just inventing things. Please define what exactly
> > SERIALNUM-ID is. Cut & paste text from RFC 6125, if needed.
>
> https://github.com/anima-wg/anima-bootstrap/commit/2f4cee70fc583c60a4589c983043a346ac0145ea
>
> new text reads:
> This extends the informal set of "identifier type" values defined in
> <xref target="RFC6125" /> to include a SERIALNUM-ID category of
> identifier that can be included in a certificate and therefore that
> can also be used for matching purposes. As noted in that document
> this is not a formal definition as the underlying types have been
> previously defined elsewhere. The SERIALNUM-ID whitelist is collated
> according to manufacturer trust anchor since serial numbers are not
> globally unique.

This is actually not helping. I was looking for something like:

DNS-ID = a subjectAltName entry of type dNSName

Basically I was asking for a definition of SERIALNUM-ID somewhere.

Best Regards,
Alexey