Hi Jeff,

On 02/02/2016 00:54, =JeffH wrote:
> Hi Alexey,
>
> I was taking a look at wrt draft-ietf-uta-email-tls-certs and noted that
> it says this in Section 3..
>
> [...]
> Matching is performed according
> to the rules specified in Section 6 of [RFC6125], including the
> relative order of matching of different identifier types,
> "certificate pinning" and the procedure on failure to match. The
> following inputs are used by the verification procedure used in
> [RFC6125]:
>
> [...]
>
> The rules and guidelines defined in [RFC6125] apply to an email
> server certificate, with the following supplemental rules:
>
> [...various supplemental rules to add to those defined in RFC6125.. ]
>
>
> ..thus I am curious as to why draft-ietf-uta-email-tls-certs does not
> officially update RFC6125 -- should it not (in addition to updating four
> other RFCs as it notes) ?

"Supplemental rules" are inputs to RFC 6125 procedure (such as use of wildcards, use of CN-ID, etc.). I don't think the document updates RFC 6125. If you think something better than "supplemental rules" should be used in this context, please let me know.

Best Regards,
Alexey