Nelson B Bolyard wrote: > > Likewise, if I go to https://home/ and get a "home" page for some > enterprise, what assurances have I really been offered?
None, since your browser cannot check whether home is a fully-qualified domain name. > Does this bother any one else ? Yes. > Should Mozilla's policy speak to any of these issues? Yes. RFC 2818 (only INFORMATIONAL) references RFC 2459 concerning matching rules which was obsoleted by RFC 3280 which was recently obsoleted by RFC 5280. RFC 5280 references "Preferred name syntax" in RFC 1034. Glancing over these documents I found no provision that the dNSName in subjectAltName MUST specify a fully-qualified domain name. But maybe this issue should raised on the ietf-pkix mailing list. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto