But it has to be signed by a CA. If the CA is not happy for you to assert SRV-ID, it should not include SRV-ID in an issued certificate.
Now I'm really confused. Are you saying the SRV-ID is optional? If so, what's the point of it? In nearly all cases, there's no way for a CA to tell what SRV-IDs it should allow, so nobody will use them.
(This is in addition to the problems that a large mail host handles tens of thousands of domains, and the list changes every day.)
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
