Re: Updated IdP to new spec.

On 29 Nov 2011, at 01:39, Peter Williams wrote:

> I vote we impose a limit of one, but that the text says... a future version of the standard will very likely reconsider this limit, as user experience is gained.

I’m struggling to see what benefit limiting to only one public key in the profile document will bring besides avoiding a loop somewhere. Can you elaborate?

> I'm tempted to suggest that only 1 URI be permitted in the cert too, with similar language about the strong likelihood of this changing as anticipated needs actually materialize.

What does “permitted” really mean? Would certs with multiple URIs be rejected, or only the first URI processed? What about other kinds of subjectAltName? (Not entirely opposed, FWIW)

M.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ

Received on Tuesday, 29 November 2011 08:08:07 UTC