Merge pull request #299 from ietf-wg-scitt/273-dn-regex

Adjust DN regex requirement to be URI requirement
ietf-wg-scitt · Sep 17, 2024 · 7615e71 · 7615e71
2 parents 068a334 + c48adfd
commit 7615e71
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md
@@ -501,7 +501,8 @@ Additionally, `x5chain` that corresponds to either `x5t` or `kid` identifying th
 - When using x.509 certificates, support for `x5t` is REQUIRED to implement.
 - Support for `kid` in the protected header and `x5chain` in the unprotected header is OPTIONAL to implement.
 
-When `x5t` is present, `iss` MUST be a string with a value between 1 and 8192 characters in length that fits the regular expression of a distinguished name.
+When `x5t` is present, `iss` MUST be a string that meets URI requirements defined in {{RFC8392}}.
+The `iss` value's length MUST be between 1 and 8192 characters in length.
 
 The `kid` header parameter MUST be present when `x5t` is not present.
 Key discovery protocols are out-of-scope of this document.