RFC Errata
RFC 4985, "Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name", August 2007
Source of RFC: pkix (sec)
See Also: RFC 4985 w/ inline errata
Errata ID: 2520
Status: Verified
Type: Technical
Publication Format(s): TEXT
Reported By: Stefan Santesson
Date Reported: 2010-09-14
Verifier Name: Tim Polk
Date Verified: 2011-03-09
Section 2 says:
Name The DNS domain name of the domain where the specified service is located.
It should say:
Name A DNS domain name, representing a domain for which the certificate issuer has asserted that the certified subject is a legitimate provider of the identified service.
Notes:
The current text is ambiguous compared with the defined meaning of this name form given in the RFC.
The definition of this component is given in the overall definition as:
"The content of the components of this name form MUST be consistent
with the corresponding definition of these components in an SRV RR
according to RFC 2782 [N3]."
And later in the same section:
"The purpose of the SRVName is limited to authorization of
service provision within a domain."
The changed text makes it clear that the domain is the domain where the certified host is a legitimate service provider, which may or may not be the domain where the same host is located. Thus the changed text harmonizes with the rest of the document.