The only place 5280 goes into great detail about matching is with internationalized names. I don't think it specifies any specific rules for matching the iPaddress within a subjectAltName. This is left up to the definition by the application making use of the certificates. I'm not sure we need to standardize matching behavior unless it affects the representation within the certificates (for example including wildcards in the identities).
Joe > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards > Sent: Wednesday, May 28, 2008 8:41 AM > To: [email protected] > Subject: [Syslog] -transport-tls references to "matching rules" > > Hi, > > -transport-tls refers (as [3] to RFC 5280), e.g. "Matching > for certificate credentials is performed using the matching > rules specified by [3]." I am revisiting 5280 to find the > matching rules for ipAddress. However, this is a nearly 150 > page document and I admit I do not know its ins and outs. It > would be really helpful if a section is mentioned inside the > reference so that one can quickly look up the rules. > > And, a hopefully quick question, where do I find the rules > for ipAddress? I was unable to bring it up on a quick look. > > Thanks, > Rainer > _______________________________________________ > Syslog mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
