Re: PKITS test case 4.13.38 vs RFC 3280
Tim, given the existing text of RFC 3280, and reading it strictly, a
constraint string of "test.com" would match "my.test.com" and "mytest.com",
and a constraint string of ".test.com" would match "my.test.com" but not
"mytest.com". The RFC does not prohibit the constraint from starting with
a dot. Hence, it seems that the existing rules already suffice for
constraints to disallow a case like "mytest.com".

If you change the RFC now, you may break working implementations.

If you do correct the RFC, the rules for this constraint need to be MUCH
more exactly spelled out. If (as I expect you will say) the constraint
string MUST NOT begin with a dot, then the RFC MUST say so.

What about "my..test.com"? Does it match a constraint of "test.com"?

The RFC should make this all unambiguous and clear.

But, IMO, it would be wrong to require that an implementation of this
constraint determine that the name being tested is a properly formed
domain name.

/Nelson
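
Added example, not part of the original message and not code from RFC 3280 or PKITS: the strict suffix reading described above, next to a label-aligned rule, run over the names the message mentions. The function names, the label-aligned rule and its allow_empty_labels switch are assumptions made for illustration.

```python
# Constructed (name, constraint) pairs taken from the cases the message discusses.
CASES = [
    ("my.test.com", "test.com"),
    ("mytest.com", "test.com"),
    ("my.test.com", ".test.com"),
    ("mytest.com", ".test.com"),
    ("my..test.com", "test.com"),
]


def suffix_match(name, constraint):
    """Strict reading described in the message: any name built by adding
    characters to the left of the constraint string satisfies it."""
    return name.lower().endswith(constraint.lower())


def label_match(name, constraint, allow_empty_labels=True):
    """Hypothetical label-aligned rule (an assumption, not RFC text): only
    whole labels may be added on the left. A leading dot in the constraint
    requires at least one added label."""
    need_extra = constraint.startswith(".")
    want = (constraint[1:] if need_extra else constraint).lower().split(".")
    have = name.lower().split(".")
    if not allow_empty_labels and "" in have:
        return False  # rejects names such as "my..test.com"
    if len(have) < len(want) + (1 if need_extra else 0):
        return False
    return have[-len(want):] == want


def compare(cases=CASES):
    """Return (name, constraint, suffix, label, label_no_empty) per case."""
    return [
        (n, c, suffix_match(n, c), label_match(n, c),
         label_match(n, c, allow_empty_labels=False))
        for n, c in cases
    ]


if __name__ == "__main__":
    for row in compare():
        print("%-14s %-10s suffix=%-5s label=%-5s label_no_empty=%s" % row)
```

The two rules disagree on "mytest.com" against "test.com", and the result for "my..test.com" depends entirely on whether empty labels are tolerated, which is the question the message asks the RFC to settle.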