Michael Ströder wrote:
> [...]
> RFC 2818 (only INFORMATIONAL) references RFC 2459 concerning matching
> rules which was obsoleted by RFC 3280 which was recently obsoleted by
> RFC 5280. RFC 5280 references "Preferred name syntax" in RFC 1034.
>
> Glancing over these documents I found no provision that the dNSName in
> subjectAltName MUST specify a fully-qualified domain name. But maybe
> this issue should be raised on the ietf-pkix mailing list.

There's no reason to forbid at that level issuance of certificates that 
are intended to be used only on an intranet.

It should be more the policy of the CA that should either refuse to 
issue such certificates, or require a written agreement that they are 
intended only for intranet use.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
