On 20/11/16 05:45, Ryan Sleevi wrote: <snip>
For example, redacting the commonName, as proposed by Clint, might simply be addressed by requiring that redacted domain labels respect the deprecation notice from RFC2818 and furthered by RFC6125 - namely, don't use commonName for DNS names, use the subjectAltName. If systems that need redaction can't support it, perhaps the cost should be borne by updating these systems to reflect the past 18 years of deprecation notices of commonName (see https://tools.ietf.org/html/draft-ietf-tls-https-00#section-3.1 , which became 2818)
We've flip-flopped several times on this topic during the last several years' worth of discussions on redaction.
See here, for example: https://trac.ietf.org/trac/trans/ticket/17

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
