Hi Alexey,
I was taking a look at draft-ietf-uta-email-tls-certs and noted that it
says this in Section 3:
[...]
Matching is performed according
to the rules specified in Section 6 of [RFC6125], including the
relative order of matching of different identifier types,
"certificate pinning" and the procedure on failure to match. The
following inputs are used by the verification procedure used in
[RFC6125]:
[...]
The rules and guidelines defined in [RFC6125] apply to an email
server certificate, with the following supplemental rules:
[...various supplemental rules to add to those defined in RFC6125.. ]
..thus I am curious as to why draft-ietf-uta-email-tls-certs does not
officially update RFC6125 -- should it not (in addition to updating four
other RFCs as it notes)?
thanks, HTH,
=JeffH