Per the BCP, section 3.3 on Certificate Name Check conventions, the Note
says that "except with certificate usage 3, where name checks are not
applicable (see section 4.1) ....."

Section 4.1 is presently empty. Is there a notion of populating the
Type Specific DANE Guidelines in section 4?

From all the above I take it to mean that if the Subject Alt Name in
the TLS Server served certificate differs from the domain name in the
TLSA record (for example it offers an email address instead of a DNS
label or wildcard), it doesn't matter because we don't check it.

Cheers,
Stephen.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane