We’re willing to continue talking through those issues in an attempt to reach a solution. I do think SRVNames would be a useful improvement. For us, the lack of movement has had more to do with time constraints than technical constraints!
While SRVNames do offer a way to scope the authority to a particular service (on any port), there's been no movement towards adopting them in the CA/Browser Forum, due to the issues they would have with technically constrained sub-CAs.
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public