On 20/11/15 14:18, Kathleen Moriarty wrote: >>> >>> - section 3, 2nd list, bullet 4 - afaik, CN is what is mostly >>> actually used. Shouldn't we recognise that reality with more >>> than a MAY? It's been more than a decade since PKI folks started >>> to want to not use CN and that's just not worked. (Or am I wrong >>> and CAs/MUAs are finally seeing CN not used?) > Hmm, they were used in all of the CAs I set up and certificates I > have needed to use, adding the host name there. Sometimes there were > CNAMEs added in an extension. What are you seeing used instead of > CN/DN?
Yeah, CN seems to still be ubiquitous, though Alexey reminded me (off list) that the dNSName SAN is also widely used. So all in all section 4 is probably ok, if we consider the SRV stuff as something we'd like to see deployed, but have yet to see deployed. S. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
