nanog mailing list archives
Re: looking for terminology recommendations concerning non-rooted FQDNs
From: Brian Reichert <reichert () numachi com>
Date: Fri, 22 Feb 2013 12:17:10 -0500
On Fri, Feb 22, 2013 at 05:19:03PM +1100, Karl Auer wrote:
It's a convention common enough and useful enough that I can see why people would want a handy term for it.
The core issue I'm trying to resolve surrounds the generation of a CSR. We're trying to automate this process for a network appliance my employer sells.

When our appliance generates a CSR for itself, among the steps is to get a PTR record; by convention (or otherwise) these are rooted domain names.

When we generate a CSR, we're choosing to include the rooted domain name, as well as the other form (for now, I guess it should be called a FQDN, the version without the trailing dot). The resulting issued certificate has both forms in the SubjectAltName field, and this allows both hostname forms to be used to establish an SSL connection to our server. They are considered distinct for the Subject verification phase.

It's come to my attention that some commercial certificate vendors think that having multiple hostnames in the SAN list costs more money; go figure.

Our customers then have to go through some soul-searching to pare down the list of hostnames in the SAN in the CSR. There are some understandable questions about why we include both forms, and whether or not they are necessary.

We need to document our policies and recommendations, and I'm trying to establish the vocabulary. Hence my original question.

Irrespective of the state of RFCs, there are competing conventions, and ambiguous terminology. And I was seeking guidance. :)

I do appreciate the feedback provided thus far.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer () biplane com au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

--
Brian Reichert <reichert () numachi com>
BSD admin/developer at large
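
The SAN behaviour described in the message above, as an added example that is not part of the original post or the poster's appliance code: a simplified dNSName matcher in which exact comparison treats the rooted and non-rooted forms as different names, so a SAN list pared down to one form stops covering the other unless the client normalises the trailing dot. The hostname is a constructed sample, and the `strip_root_dot` switch is an assumption standing in for client-side normalisation.

```python
"""Added illustration: SAN dNSName matching with and without the root dot.
Hostnames are constructed samples; this is not a full certificate validator."""


def _unrooted(name):
    # Drop exactly one trailing dot, if present.
    return name[:-1] if name.endswith(".") else name


def san_candidates(ptr_name):
    """From a PTR answer (rooted by convention) return both forms to request:
    the rooted name and the same name without the trailing dot."""
    bare = _unrooted(ptr_name)
    return [bare + ".", bare]


def dnsname_matches(reference, san_entry):
    """Case-insensitive, label-by-label comparison. A trailing dot produces a
    final empty label, which is why 'a.b.' and 'a.b' differ. '*' is honoured
    only as the complete left-most label of the SAN entry."""
    ref = reference.lower().split(".")
    san = san_entry.lower().split(".")
    if len(ref) != len(san):
        return False
    if san[0] == "*":
        return ref[0] != "" and ref[1:] == san[1:]
    return ref == san


def verify(reference, san_list, strip_root_dot=False):
    """True if any SAN entry matches the name the client was given.
    strip_root_dot models a client that removes the trailing dot from both
    sides before comparing (assumption: implementations differ on this)."""
    if strip_root_dot:
        reference = _unrooted(reference)
        san_list = [_unrooted(s) for s in san_list]
    return any(dnsname_matches(reference, s) for s in san_list)


def coverage(san_list, references, strip_root_dot=False):
    """Map each name a user might type to whether the SAN list covers it."""
    return {r: verify(r, san_list, strip_root_dot) for r in references}


if __name__ == "__main__":
    both = san_candidates("appliance.example.com.")  # constructed PTR answer
    pared = [both[1]]                                 # SAN cut to one entry
    names = ["appliance.example.com", "APPLIANCE.example.com."]
    for label, sans in (("both forms", both), ("pared down", pared)):
        print(label, coverage(sans, names), coverage(sans, names, True))
```
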