I would consider this to be an application specific behavior and not part of the general validity processing that would be part of 5280. If it was to happen anyplace I think this is where it should be recommended.
I don't however believe that it should necessarily be recommended anywhere as a practice. jim > -----Original Message----- > From: Peter Saint-Andre [mailto:[email protected]] > Sent: Thursday, September 30, 2010 12:28 PM > To: Jim Schaad > Cc: 'Matt McCutchen'; [email protected] > Subject: Re: [certid] CN-ID and name constraints > > On 9/29/10 4:20 PM, Jim Schaad wrote: > > > It was my understanding of this that the request was that the DNS name > > constraints be applied to a CN-ID that is being treated as a DN. This > > would not be standard 5280 behavior. > > That's a nice short summary of the issue. It seems to me that defining such > behavior might be within scope for an update to RFC 5280, but not for the > server-id-check document (since it is by no means intended to update RFC > 5280!). > > Peter > > -- > Peter Saint-Andre > https://stpeter.im/ _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
