My apologies for commenting before having caught up on the whole thread (I've been pretty sluggish all week and don't want to get even further behind.)

On Sat, Jun 27, 2020 at 03:58:21PM -0700, Eric Rescorla wrote:
>
> Taking a step back from the substantive issue, it seems to me that to the
> extent to which there is debate about the meaning of 5280, this is a
> discussion which cannot be resolved entirely on this list, but instead
> needs to involve the LAMPS WG.

This has been a key point that I've (apparently) been failing to make very well so far. E.g., while the ANIMA WG has presumably reached consensus on the use of rfc822Name years ago, I think we also need consensus from LAMPS before we can be confident that there is IETF consensus.

Also, making even another step back, it seems that there is a key issue of the CA model in play here, namely "know what you sign". If we are asking a CA to sign an rfc822Name, which the CA treats as having email semantics, but we assign different semantics to that name, then the CA is not actually in knowledge of what it's signing. Accordingly, the CA incurs significant (e.g., legal and financial) risk by making those signatures, and defining the field in this way gives the impression that we are trying to make an end-run around CA policies.

-Ben

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
