did-method-web

Specify correct certificate identities

Open ekr opened this issue 4 years ago • 2 comments

The method specific identifier MUST match the common name used in the SSL/TLS certificate, and it MUST NOT include IP addresses. A port MAY be included and the colon MUST be percent encoded to prevent a conflict with paths. Directories and subdirectories MAY optionally be included, delimited by colons rather than slashes.

As noted in RFC 6125, subjectAltName is the preferred place for the identity.

ekr, Nov 21 '21 03:11
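An added example, not part of the issue thread or of the did-method-web project: it parses a did:web identifier under the rules quoted above (percent-encoded port colon, colon-delimited path, no IP addresses) and matches the host against dNSName subjectAltName entries rather than the common name. The function names are hypothetical, the certificate is assumed to have the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and all sample values are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Hypothetical helper names; this is not code from the did:web spec.
_DNS_NAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")

def parse_did_web(did):
    """Split a did:web DID into (host, port or None, path segments)."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    first, *segments = did[len("did:web:"):].split(":")
    # Only a percent-encoded colon ("%3A") may separate host and port.
    host, sep, port = unquote(first).lower().partition(":")
    if sep and not port.isdigit():
        raise ValueError("malformed port")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, which is what the quoted text requires
    else:
        raise ValueError("IP addresses are not allowed")
    if not _DNS_NAME.match(host):
        raise ValueError("malformed host name")
    return host, int(port) if sep else None, segments

def san_matches(host, cert):
    """Match host against dNSName subjectAltName entries only.

    cert has the dict shape of ssl.SSLSocket.getpeercert(); the subject
    common name is deliberately ignored.
    """
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        label, _, parent = host.partition(".")
        if name.startswith("*.") and label and parent == name[2:]:
            return True
    return False
```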

More generally, you should just be citing RFC 2818 here.

ekr, Nov 21 '21 03:11

+1

We can improve the language there.

gribneau, Nov 21 '21 18:11