Update to Verifying TLS Server Identities with X.509 Certificates
draft-rsalz-use-san-01

Document Type: Replaced Internet-Draft (uta WG)
Author: Rich Salz
Last updated: 2021-03-29 (latest revision 2021-03-13)
Replaced by: draft-ietf-uta-use-san
Stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Formats: Expired & archived
Stream WG state: Adopted by a WG
Document shepherd: No shepherd assigned
IESG state: Replaced by draft-ietf-uta-use-san
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-rsalz-use-san-01.txt

Abstract

In the decade since [RFC6125] was published, the subjectAlternativeName extension (SAN), as defined in [RFC5280], has become ubiquitous. This document updates [RFC6125] to specify that the fall-back techniques of using the commonName attribute to identify the service must not be used. This document also places some limitations on the use of wildcards in SAN fields. The original context of [RFC6125], using X.509 certificates for server identity with Transport Layer Security (TLS), is not changed.

Authors

Rich Salz (rsalz@akamai.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)