RE: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt
How about including:
"Some deployments may require the presence of client and server
authentication extended key usage extensions in certificates. Client
implementations wishing to interoperate in these environments SHOULD
check the server's certificate for an Extended Key Usage field
containing id-kp-serverAuth (1.3.6.1.5.5.7.3.1) or the special
keyPurposeID anyExtendedKeyUsage. Server implementations wishing to
interoperate in this environment SHOULD check the client's certificate
for an Extended Key Usage field containing id-kp-clientAuth
(1.3.6.1.5.5.7.3.2) or the special keyPurposeID anyExtendedKeyUsage.
Note that these key usage extension identifiers for server and client
authentication are somewhat generic and may not be sufficient to
authorize an entity's role specifically as an EAP-TLS client or server."
Looks good.
> Can someone describe a case where there would be more than
> one subjectAltName in a certificate?
> I'm having a hard time wrapping my head around this case.
>
[Joe] The subjectAltName may contain a host name as DNSName and a
manufacturing serial number as an OtherName or perhaps it may contain a
UPN and a SIP URI.
Any recommendations on what we should say about this?
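
The check proposed above and the multiple-subjectAltName case, as an added Go example that is not part of the original message or the draft. Treating a certificate with no EKU extension as a failure, the helper `sampleCert`, and the names `radius.example.com` and `sip:aaa@example.com` are assumptions constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// ekuPermits reports whether cert's Extended Key Usage lists want or
// anyExtendedKeyUsage. Assumption: a certificate with no EKU at all fails.
func ekuPermits(cert *x509.Certificate, want x509.ExtKeyUsage) (ok bool) {
	for _, u := range cert.ExtKeyUsage {
		ok = ok || u == want || u == x509.ExtKeyUsageAny
	}
	return ok
}

// sanEntries lists the DNSName and URI subjectAltName entries, type-tagged.
func sanEntries(cert *x509.Certificate) (out []string) {
	for _, d := range cert.DNSNames {
		out = append(out, "DNS:"+d)
	}
	for _, u := range cert.URIs {
		out = append(out, "URI:"+u.String())
	}
	return out
}

// sampleCert builds a constructed self-signed certificate with two SAN entries.
func sampleCert(ekus []x509.ExtKeyUsage, dns, sipAddr string) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: ekus, DNSNames: []string{dns}, URIs: []*url.URL{{Scheme: "sip", Opaque: sipAddr}}}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("sample certificate: ", err, perr))
	}
	return cert
}

func main() {
	c := sampleCert([]x509.ExtKeyUsage{x509.ExtKeyUsageAny}, "radius.example.com", "aaa@example.com")
	fmt.Println(ekuPermits(c, x509.ExtKeyUsageServerAuth), sanEntries(c))
}
```

Go's `crypto/x509` does not expose OtherName entries (such as a UPN or a serial number) as parsed fields, so `sanEntries` covers only the DNSName and URI forms.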