参照識別子

参照識別子

[1] RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) ( 版) <https://tools.ietf.org/html/rfc6125#section-1.8>

reference identifier: An identifier, constructed from a source

domain and optionally an application service type, used by the

client for matching purposes when examining presented identifiers.

[2] RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) ( 版) <https://tools.ietf.org/html/rfc7525#section-6.1>

If the host name is discovered indirectly and in an insecure manner

(e.g., by an insecure DNS query for an MX or SRV record), it SHOULD

NOT be used as a reference identifier [RFC6125] even when it matches

the presented certificate. This proviso does not apply if the host

name is discovered securely (for further discussion, see [DANE-SRV]

and [DANE-SMTP]).