>> The authors of RFC 6487 can speak for themselves, but I think their
>> intent was to avoid requests for "vanity names" (CN="Joe's Pizza"
>> instead of CN="4DF2D88957372FF9FDA05C70F2D9E8BA334CFF89"), which
>> could be construed as eroding claims that the RPKI attests only to
>> things like addresses and autonomous system numbers.
>
> As I recall the discussion at the time was based around a desire to
> avoid any implication that the CA was attesting as to the identity of
> the subject. i.e. the CA was explicitly not saying that the holder of
> the public key was the individual described in the subject field (section
> 4.5 of RFC6487).

except i vaguely remember a proposal to have there be special
privileged names for the certs of the rirs.

randy

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
