On Sun, Mar 23, 2008 at 10:58:58AM +0000, Alexey Melnikov wrote:
>
> Have you compared this to recommendations in
> draft-hodges-server-ident-check-00.txt? This draft has some extra
> recommendations about internationalized domain names (IDN).

Thanks for the pointer. That looks reasonable to me. If it gets published, 3920bis could reference that, and then add supplementary text for the additional application-specific checks, e.g. what subjectAltName fields specifically to check and how. I would be okay with either SRVName or URI as a means to solve the application-specific identity problem.

> Also, draft-hodges-server-ident-check-00.txt prohibits wildcard checks
> in CNs (case c).

Hmm, personally I'm okay with this too (I've never been a fan of wildcard certs anyway). Unfortunately, the most likely case of seeing a wildcard today happens to be in the CN, so I would anticipate others might object to it ..

--Shumon.
