
Re: [certid] Review of draft-saintandre-tls-server-id-check

2010-09-13 14:13:12
On Mon Sep 13 18:59:03 2010, Stefan Santesson wrote:
> I agree here. Both to this and to former speakers stating that the assertion
> is made by the CA and not the subject.

Well, I'd say the assertion is the presence of the SAN in the cert. I mean, an assertion is a positive statement made *without* evidence. The evidence is then the signature of the issuer, who certifies the assertion - it doesn't matter who makes that assertion. But anyway, that's somewhat moot, and as Shumon points out, we needn't care about who authorized what unto whom.


I'm struggling with the most easy to understand text, but I think this says
at least the correct thing:

"A DNS domain name, representing a domain for which the certificate issuer has asserted that the certified subject is a legitimate provider of the identified service."

"The requested DNS domain name for the specified service. That is, the domain name which would be found in the URI for the service, and other protocol identifiers of a similar nature. Where the service is directly requested by hostname, this domain name would be the requested hostname."

I think that covers all the cases I'd expect by example, without worrying about who's asserting and certifying. No doubt someone will reword with a sprinkling of 2119.

Dave.
--
Dave Cridland - mailto:dave(_at_)cridland(_dot_)net - 
xmpp:dwd(_at_)dave(_dot_)cridland(_dot_)net
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
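The two definitions above separate what the certificate presents (domain names the issuer has certified for the subject) from what the client is looking for (the domain name taken from the URI, or the requested hostname itself). The following is an added illustration, not code from the thread or from the draft, of how a client derives the second kind of name and compares it against the first; the SAN list and URIs are constructed sample values, and the function names are this example's own.

```python
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: the domain names a server certificate might carry as
# dNSName subjectAltName entries, i.e. what the issuer has certified for the
# subject. Not taken from any real certificate.
SAMPLE_SAN_DNS_NAMES = ["mail.example.com", "www.example.com"]


def _normalise(name: str) -> str:
    """DNS names are case-insensitive and a trailing dot is not significant
    for this comparison, so strip it and lowercase before comparing."""
    return name.rstrip(".").lower()


def reference_identifier_from_uri(uri: str) -> Optional[str]:
    """Derive the name the client is asking for from the URI it is connecting to:
    the host part of the authority component. Returns None when the URI has
    no authority (e.g. a mailto: URI), since no domain can be taken from it."""
    host = urlsplit(uri).hostname
    if host is None:
        return None
    return _normalise(host)


def reference_identifier_from_hostname(hostname: str) -> str:
    """Direct-hostname case: the requested hostname is itself the name the
    client expects the certificate to cover."""
    return _normalise(hostname)


def san_matches(reference: str, san_dns_names: List[str]) -> bool:
    """Exact, case-insensitive comparison of the requested name against each
    presented dNSName. Wildcard labels ("*.example.com") are deliberately not
    expanded here, so a wildcard entry only matches itself literally."""
    ref = _normalise(reference)
    return any(_normalise(presented) == ref for presented in san_dns_names)


if __name__ == "__main__":
    # Service addressed by URI: the domain comes out of the URI's host part.
    ref = reference_identifier_from_uri("https://WWW.Example.com/inbox")
    print(ref, san_matches(ref, SAMPLE_SAN_DNS_NAMES))
    # Service addressed directly by hostname.
    ref = reference_identifier_from_hostname("mail.example.com.")
    print(ref, san_matches(ref, SAMPLE_SAN_DNS_NAMES))
    # A bare domain that the sample certificate does not cover.
    print(san_matches("example.com", SAMPLE_SAN_DNS_NAMES))
```

The comparison is exact on purpose: a certificate covering `www.example.com` says nothing about `example.com`, and treating them as equivalent would let a certificate issued for one host be accepted for another.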