Architecturally, Rich is nailing it. We should be encouraging the use of SANs. However, use of SANs beyond the scope of the web may not be entirely ubiquitous, and so we should either be a bit more targeted, or slow roll the other uses with some backward compatibility language. Personally I like the latter approach. We shouldn’t hold up deprecation across the web due to the other uses, but we should encourage those other uses to move off of subject.
If Rich and others are ok with that, I’m all for adoption. By way of example, IEEE 802.1AR allows for the use of the subject, and some of those certs are extremely long lived. One thing we should do is liaise this draft to the 802.1 committee so that they can prepare their base, and get their feedback about how to roll out this change. For libraries like OpenSSL I wouldn’t mind throwing in a new flag, for instance, that would be required to validate a cert based on the subject. That would help these other uses get over the hump over time; perhaps even with a warning of some form emitted.

Eliot

> On 14 Mar 2021, at 15:47, Valery Smyslov <[email protected]> wrote:
>
> Hi,
>
> this message starts 2 weeks formal adoption call for draft-rsalz-use-san.
> The call will end on Sunday 28 March.
>
> The draft has already received some support for adoption, of course it'll be
> counted.
>
> Regards,
> Valery (for the chairs).
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
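The opt-in behaviour suggested in the message above, sketched for the DNS-name case as an added example (not part of the original message, and not OpenSSL's API). The `allow_subject_fallback` flag is a hypothetical name, the certificate dictionaries follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and both sample certificates are constructed.

```python
import warnings

def dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least three labels so "*.net" can never match.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_identity(cert: dict, host: str, allow_subject_fallback: bool = False):
    """Return (matched, source); source is 'san', 'subject' or None."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # A dNSName SAN is present: the subject is never consulted.
        ok = any(dns_match(n, host) for n in dns_names)
        return ok, ("san" if ok else None)
    if not allow_subject_fallback:
        # Default: a certificate without a SAN does not validate.
        return False, None
    # Hypothetical legacy mode: the caller explicitly opted in to subject CN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(dns_match(cn, host) for cn in cns)
    if ok:
        warnings.warn(f"{host}: identity taken from subject CN; reissue with a SAN",
                      stacklevel=2)
    return ok, ("subject" if ok else None)

# Constructed sample certificates (not taken from any real deployment).
MODERN = {"subject": ((("commonName", "old.example.net"),),),
          "subjectAltName": (("DNS", "www.example.net"),
                             ("DNS", "*.api.example.net"))}
LEGACY = {"subject": ((("commonName", "device.example.net"),),)}

if __name__ == "__main__":
    print(check_identity(MODERN, "www.example.net"))
    print(check_identity(LEGACY, "device.example.net"))
    print(check_identity(LEGACY, "device.example.net", allow_subject_fallback=True))
```

Counting the emitted warnings per issuer or device class gives an inventory of long-lived certificates that still need reissuing before the fallback can be removed.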
