Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Martin Thomson
I realize that this WGLC deadline passed, but maybe I can exploit the fact that discussion is continuing to ask for one last change (apologies for not writing this up sooner, I haven't been following closely). RFC 9110 Section 4.3.5 (https://httpwg.org/specs/rfc9110.html#https.ip-id) contains

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Peter Saint-Andre
On 6/28/22 11:12 AM, Salz, Rich wrote: With regard to PKIX certificates, the primary usage is in the context of the public key infrastructure described in {{5280}}. In addition, technologies such as DNS-Based Authentication of Named Entities (DANE) {{RFC6698}} sometimes use

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Yaron Sheffer
The new text is kind-of normative, but IMO it's a significant improvement over the old text. Thanks!

On 6/27/22, 22:16, "Peter Saint-Andre" wrote:
On 6/24/22 5:07 PM, Peter Saint-Andre wrote:
>> * Which identifier types a client includes in its list of reference
>> identifiers,

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Salz, Rich
>With regard to PKIX certificates, the primary usage is in the context of the public key infrastructure described in {{5280}}. In addition, technologies such as DNS-Based Authentication of Named Entities (DANE) {{RFC6698}} sometimes use certificates based on PKIX (more

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Peter Saint-Andre
On 6/27/22 4:33 PM, Peter Saint-Andre wrote: On 6/27/22 4:27 PM, Viktor Dukhovni wrote: On Mon, Jun 27, 2022 at 02:37:22PM -0600, Peter Saint-Andre wrote: It does for the majority of the certificate usages, but in practice today DANE is primarily used with SMTP, and predominantly with

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Peter Saint-Andre
On 6/28/22 8:14 AM, Viktor Dukhovni wrote: On Mon, Jun 27, 2022 at 04:31:25PM -0600, Peter Saint-Andre wrote: I'm not necessarily saying that - I'm saying only that Jeff and I tried to find a canonical definition of "fully-qualified domain name" and the best we could do was RFC 1034.

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Viktor Dukhovni
On Mon, Jun 27, 2022 at 04:31:25PM -0600, Peter Saint-Andre wrote:
> >> I'm not necessarily saying that - I'm saying only that Jeff and I tried
> >> to find a canonical definition of "fully-qualified domain name" and the
> >> best we could do was RFC 1034. Alternative proposals are welcome.
> >

Re: [Uta] WGLC for draft-ietf-uta-rfc6125bis-06

2022-06-28 Thread Salz, Rich
>RFC 6125 (and now 6125bis) are not documents about the definition or enforcement of DNS naming rules, only about client-side matching of service identifiers presented in X.509 certificates against the client's conception of what the service ought to be (i.e., against a