DNS-ID vs. dNSName #31

hannestschofenig · 2023-10-22T15:02:20Z

If the EUI-64 format is used to identify the subject of an end entity certificate, it MUST be encoded in a subjectAltName of type DNS-ID as a string of the form HH-HH-HH-HH-HH-HH-HH-HH where 'H' is one of the symbols '0'-'9' or 'A'-'F'.

Michael:
"DNS-ID" is not how 5280 calls it...
It uses dNSName.
I'm not sure I'd agree with dNSNAME, and you'll see that we tried to get something similar past RH on RFC8994, and wound up having to use otherName.

Thomas:
yeah, this bit reuses bits of RFC6125 glossary, which I thought was established terminology:

DNS-ID = a subjectAltName entry of type dNSName; see [PKIX]

Michael:

okay, that's news to me that we can call it the extension DNS-ID. I thought that was the check. And, I don't see how an EUI-64 going to pass a DNS-ID check.

The text was updated successfully, but these errors were encountered:

thomas-fossati · 2024-09-02T14:18:37Z

ACTION: cross-check this against RFC9525 (which updates 6125)

mcr · 2024-11-18T15:20:19Z

closed by #53

thomas-fossati added the cert certificate profiling label Nov 13, 2023

thomas-fossati self-assigned this Sep 2, 2024

mcr closed this as completed Nov 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DNS-ID vs. dNSName #31

DNS-ID vs. dNSName #31

hannestschofenig commented Oct 22, 2023

thomas-fossati commented Sep 2, 2024

mcr commented Nov 18, 2024

DNS-ID vs. dNSName #31

DNS-ID vs. dNSName #31

Comments

hannestschofenig commented Oct 22, 2023

thomas-fossati commented Sep 2, 2024

mcr commented Nov 18, 2024