w3c-ccg / did-method-web

DRAFT: did:web Decentralized Identifier Method Specification
https://w3c-ccg.github.io/did-method-web/

Specify correct certificate identities #44

Open ekr opened 2 years ago

ekr commented 2 years ago

The method specific identifier MUST match the common name used in the SSL/TLS certificate, and it MUST NOT include IP addresses. A port MAY be included and the colon MUST be percent encoded to prevent a conflict with paths. Directories and subdirectories MAY optionally be included, delimited by colons rather than slashes.

As noted in RFC 6125, subjectAltName is the preferred place for the identity.
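Added example, not part of the issue thread or of the did:web project's code: a sketch that parses the identifier form quoted above (percent-encoded port colon, colon-delimited path, no IP addresses) and checks the host against a certificate's subjectAltName dNSName entries instead of the common name. The function names and sample certificates are hypothetical and constructed, and ignoring the common name entirely is this sketch's choice.

```python
import ipaddress
from urllib.parse import unquote

def parse_did_web(did):
    """Split a did:web identifier into (host, port or None, path segments)."""
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")
    first, *path = did[len(prefix):].split(":")
    decoded = unquote(first)              # %3A becomes the host:port colon
    if decoded.startswith("["):
        raise ValueError("IP literals are not allowed")
    host, _, port = decoded.partition(":")
    host = host.lower()
    if not host or (port and not port.isdigit()):
        raise ValueError("malformed host or port")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass                              # not an IP address: acceptable
    else:
        raise ValueError("IP addresses are not allowed")
    return host, int(port) if port else None, [unquote(p) for p in path]

def dns_name_matches(pattern, host):
    """Compare one dNSName entry with the host, case-insensitively."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # Wildcard stands for exactly one left-most label; refusing a
        # wildcard directly under a single label is a conservative choice.
        return "." in p[2:] and "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_matches_did(did, cert):
    """True if any subjectAltName DNS entry covers the DID's host."""
    host, _, _ = parse_did_web(did)
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return any(dns_name_matches(s, host) for s in sans)

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert()
SAN_CERT = {"subject": ((("commonName", "other.example"),),),
            "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}
CN_ONLY_CERT = {"subject": ((("commonName", "example.com"),),)}

if __name__ == "__main__":
    print(parse_did_web("did:web:example.com%3A3000:user:alice"))
    print(cert_matches_did("did:web:example.com", SAN_CERT))
    print(cert_matches_did("did:web:example.com", CN_ONLY_CERT))
```
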

ekr commented 2 years ago

More generally, you should just be citing RFC 2818 here.

gribneau commented 2 years ago

+1

We can improve the language there.