My apologies for the delay, I'm just catching up on list traffic here.

On 6/10/10 11:55 AM, Scott Cantor wrote:
> These are all good arguments (which I subscribe to) for why treating
> commercial X.509 as a "successful" trust infrastructure that other identity
> standards should be leveraging in place of new approaches is a really,
> really stupid idea.
>
> But I don't think they're relevant to a document describing how one should
> verify server identity against X.509 certificate content, particularly with
> respect to anything that isn't a CN RDN or a sAN.
>
> By all means rail against the idiocy of this stuff, and I'll join in since
> there are still people pushing it constantly and belittling those who
> disagree, but I don't think it needs to be part of this draft.

Agreed. Once again, this draft is not the sole repository for all wisdom regarding certificates, TLS, Internet identifiers, and security protocols in general. I'd love to see more general specifications regarding those topics, but in this draft we're trying to boil just a small harbor, not the entire ocean.

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
