> On 18 Jan 2020, at 02:58, Benjamin Kaduk <ka...@mit.edu> wrote:
>
>> On Fri, Jan 17, 2020 at 07:40:43AM -0800, Alexey Melnikov via Datatracker wrote:
>> Alexey Melnikov has entered the following ballot position for
>> draft-ietf-intarea-provisioning-domains-10: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> This is a well written document, but I have a small set of issues I would like
>> to discuss:
>>
>> 4.4.  Detecting misconfiguration and misuse
>>
>>    When a host retrieves the PvD Additional Information, it MUST verify
>>    that the TLS server certificate is valid for the performed request
>>    (e.g., that the Subject Alternative Name is equal to the PvD ID
>>    expressed as an FQDN).
>>
>> The last sentence is not right: you should say “one of Subject Alternative
>> Names is equal to ...” because a server certificate can have multiple Subject
>> Alternative Names.
>
> Is there a reason to not use the DNS-ID terminology of RFC 6125?

Yes, I would prefer that.

Best Regards,
Alexey
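The check discussed in this thread, as an added example that is not part of the original messages or of the draft: a certificate can carry several DNS-IDs (dNSName subjectAltName entries), so the PvD ID has to be compared against each of them, not against a single name. The function names, the sample certificate and the wildcard policy are assumptions of this example.

```python
# Added example, not from the draft or the thread.
# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert().

# Constructed sample: one certificate carrying several subjectAltName entries.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "www.example.org"),
        ("DNS", "pvd.example.org"),
        ("IP Address", "192.0.2.1"),
    )
}


def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def dns_ids(cert):
    """Return every DNS-ID (dNSName subjectAltName entry) in the certificate."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_id_matches(dns_id, reference):
    """Compare one presented DNS-ID with the reference identifier (the PvD ID)."""
    presented, wanted = _labels(dns_id), _labels(reference)
    if len(presented) != len(wanted):
        return False
    if presented[0] == "*":
        # Assumed policy: a wildcard counts only as the whole left-most label
        # and only on names with at least three labels.
        return len(presented) >= 3 and presented[1:] == wanted[1:]
    return presented == wanted


def pvd_id_matches_cert(pvd_id, cert):
    """True if at least one DNS-ID in the certificate matches the PvD ID."""
    return any(dns_id_matches(d, pvd_id) for d in dns_ids(cert))
```

Comparing only the first entry of `SAMPLE_CERT` would reject a certificate that is valid for `pvd.example.org`, which is the case the ballot comment points out.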