On Fri, 4 Mar 2022 14:59:54 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> Please review this change to fully support RFC 6125 in the TLS > implementation. This change forbids wildcard domains in TLS certificates > unless the wildcard is in the left-most component. Certificates of this > nature should be rare and are not allowed per the CABForum baseline > requirements. However there may be a small compatibility risk associated with > this change, so a CSR has also been filed. About the CSR, did you have a plan to update the "Endpoint Identification Algorithms" in the [Java Security Standard Algorithm Names](https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#endpoint-identification-algorithms) documentation? Currently, the "HTTPS" name is defined for RFC 2818. With this update is may be worth to mention the compliant to RFC 6125, like HTTPS | RFC 2818, compliant with RFC 6125 ------------- PR: https://git.openjdk.java.net/jdk/pull/7697