Hi Jeff,
On 02/02/2016 00:54, =JeffH wrote:
Hi Alexey,
I was taking a look at wrt draft-ietf-uta-email-tls-certs and noted that
it says this in Section 3..
[...]
Matching is performed according
to the rules specified in Section 6 of [RFC6125], including the
relative order of matching of different identifier types,
"certificate pinning" and the procedure on failure to match. The
following inputs are used by the verification procedure used in
[RFC6125]:
[...]
The rules and guidelines defined in [RFC6125] apply to an email
server certificate, with the following supplemental rules:
[...various supplemental rules to add to those defined in RFC6125.. ]
..thus I am curious as to why draft-ietf-uta-email-tls-certs does not
officially update RFC6125 -- should it not (in addition to updating four
other RFCs as it notes) ?
"Supplemental rules" are inputs to RFC 6125 procedure (such as use of
wildcards, use of CN-ID, etc.). I don't think the document updates RFC
6125. If you think something better than "supplemental rules" should be
used in this context, please let me know.
Best Regards,
Alexey