At 7:09 AM +0100 2/24/09, Kaspar Brand wrote:
>Kyle Hamilton wrote:
>> Removal of support for wildcards can't be done without PKIX action, if
>> one wants to claim conformance to RFC 3280/5280.
>
>Huh? Both these RFCs completely step out of the way when it comes to
>wildcard certificates - just read the last paragraph of section
>4.2.1.7/4.2.1.6. PKIX never did wildcards in its RFCs.

Which says:

   Finally, the semantics of subject alternative names that include
   wildcard characters (e.g., as a placeholder for a set of names) are
   not addressed by this specification. Applications with specific
   requirements MAY use such names, but they must define the semantics.

At 10:50 PM -0800 2/23/09, Kyle Hamilton wrote:
>RFC 2818 ("HTTP Over TLS"), section 3.1.

RFC 2818 is Informational, not Standards Track. Having said that, it is also widely implemented, and is the main reason that the paragraph above is in the PKIX spec.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto