On 05/13/2008 2:47 PM, Dave Cridland wrote: > On Tue May 13 20:37:39 2008, Justin Karneges wrote: >> On Tuesday 13 May 2008 11:40 am, Dave Cridland wrote: >> > On Tue May 13 19:29:33 2008, Justin Karneges wrote: >> > > Two sets? >> > >> > Yes. One that says "If any xmppAddr is present, use only xmppAddr", >> > another that says "but fallback to dNSName". This is okay as long as >> > both ends know which identities are authenticated. >> >> 3920, section 14.2, case #1 essentially says that if the xmpp field is >> present >> then use it, otherwise fall back to dNSName (and then commonName). >> Where is >> the other set of rules? >> >> > Hmmm... I suppose you could read that as the method for checking > certificates, and 6.4.2 as the method for generating them. I think both > could be a lot clearer, though.
The text in bis-04 is out of date with the emerging consensus, which is why it needs to be seriously revised or replaced. I need to find time to crank out bis-05... Peter -- Peter Saint-Andre https://stpeter.im/
smime.p7s
Description: S/MIME Cryptographic Signature
