Justin Karneges wrote:
> On Tuesday 03 June 2008 9:58 am, Peter Saint-Andre wrote:
> > 15.2.1.1.4. Common Name
> > A server's domain identifier MUST NOT be represented as a Common
> > Name; instead, the Common Name field MUST be reserved for
> > representation of a human-friendly name.
>
> I don't think we need to make this assertion. There's no mention of Common
> Name in any of the validation rules that follow, so that would mean the field
> is effectively unused for XMPP anyway.
>
> If for some reason we want to help encourage proper use of the Common Name
> field, let's go with "SHOULD NOT".

I was about to suggest the same. People will ignore MUST NOT, if they
can't comply with it for practical reasons.

> I think "MUST NOT" is too ambitious here,
> when many servers (or CAs for that matter) still actively populate the Common
> Name with the domain and it would be too much to consider all of those certs
> non-compliant for XMPP.

+1.