#56: "*" domain labels MUST NOT be redacted
Comment (by [email protected]): The current text of 6962-bis says: 'When creating a Precertificate, the CA MAY substitute one or more of the complete leftmost labels in each DNS-ID with the literal string "(PRIVATE)".' On the mailing list we considered relaxing the "complete" and/or "leftmost" requirements, but everyone seems to agree that both of these requirements should remain. Peter Bowen suggests that... '...if the left most label is exactly "*", then it is considered redacted for the purposes of determining if the label to the right may be redacted. That would allow *.?.?.example.com to be an allowable redaction.' (Note: Peter's example assumes that we will change the redaction label from "(PRIVATE)" to "?", as proposed in ticket #54). -- -------------------------------------+------------------------------------- Reporter: | Owner: draft-ietf-trans- [email protected] | [email protected] Type: defect | Status: new Priority: major | Milestone: Component: rfc6962-bis | Version: Severity: - | Resolution: Keywords: | -------------------------------------+------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/56#comment:1> trans <http://tools.ietf.org/trans/> _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
