View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001151 | Main CAcert Website | certificate issuing | public | 2013-03-05 12:44 | 2013-03-05 12:44 |
Reporter | oej | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0001151: Support SIP URI in subject alt names | ||||
Description | SIP DOmain certificates, specified in RFC 5922, use a Subject Alt name of type URI. For a certificate for example.com, the URI would be sip:example.com. Even if a CSR contains this URI today, CAcert strips these SANs away. I would like to suggest that we keep the URI's that match the domain name in the CN, even if CN is not used in SIP in this case. That's a first step to getting SIP URIs in the CAcert certificates, and a rather simple one. In short: - If we issue a cert for example.org, also approve sip:example.org as a SAN URI. - If we issue a cert for CN sip.example.org, also approv sip:sip.example.org as a SAN URI. | ||||
Additional Information | A cert with a CN being example.org could have SAN URIs for sip:voip.example.org. Since these does not match, it's harder to find a way to validate, but still possible. A cert with a CN being example.com could have SAN URIs for other domains, like sip:example.net and sip:example.com and sip:test.example.org. This could be a bit trickier, so I suggest we look into a simple first step. (Sorry if posting in the wrong section and category, found it hard to find the right "home" for this issue. Got recommended to file an issue in the bug tracker at FosDEM). | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2013-03-05 12:44 | oej | New Issue |