Hi Stephen, On 20/11/2015 12:53, Stephen Farrell wrote: > > Hiya, > > Sorry for being slow getting this done. My AD review of this > is below. Please consider my comments as last call comments. > I have requested last call for this one so you should see the > announcement of that shortly.
Thank you for your comments. > - section 3, first list, bullet 1: what's option (c) there mean? > wasn't clear to me. This is a reference to DNSSEC/DANE or similar mechanisms, without having an explicit reference to them. > - typo: "an email server certificates" Fixed, thank you. > - section 3, 2nd list, bullet 3 - is that MUST NOT really needed? if > URIs are not used, might it be better to be silent? (In case someone > does figure out a use?) I did this mostly because RFC 6125 mentions them. A document that figures out how to use them can update this document ;-)? > - section 3, 2nd list, bullet 4 - afaik, CN is what is mostly > actually used. Shouldn't we recognise that reality with more than a > MAY? It's been more than a decade since PKI folks started to want to > not use CN and that's just not worked. (Or am I wrong and CAs/MUAs > are finally seeing CN not used?) I don't mind switching from MAY. If you can suggest some specific text to add (other than just switching from MAY to something else), let me know. Best Regards, Alexey _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
