On Fri, Mar 10, 2017 at 7:33 AM Martin Rex <[email protected]> wrote: > CABrowser-Forum defines the rules which browsers implemenent on > top of rfc2818 section 3.1 server endpoint identity checks > of server certificates.
This is neither accurate nor correct. The CA/Browser Forum neither describes nor dictates browser behaviour. Perhaps you are thinking RFC 6125, but since you've stated this multiple times, I can only believe this is an honest mistake, but one that deserves calling out. btw. SNI explicitly excludes IPv4 and IPv6 address matching that > is defined in rfc2818 section 3.1 as alternatives to DNS Hostname > matching. Could you clarify the relevance of this to the discussion? While it serves as a useful reminder for those who may have forgotten, I'm at a loss as to how this has any relevance or impact to the conversation thus far or the discussion of tradeoffs, so I must be missing something quite basic. > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
