Commit

Script updating gh-pages from ac6154e. [ci skip]
ID Bot committed Jun 9, 2024
1 parent 7b4111e commit 7954491
Showing 2 changed files with 11 additions and 3 deletions.
8 changes: 6 additions & 2 deletions js-mtls-1/draft-sheffer-wimse-s2s-protocol.html
Expand Up @@ -1373,7 +1373,7 @@ <h3 id="name-host-name-validation">
<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-host-name-validation" class="section-name selfRef">Host Name Validation</a>
</h3>
<p id="section-4.1-1">[TODO: the following paragraph needs better alignment with RFC 9525. The following is a very drafty straw man]<a href="#section-4.1-1" class="pilcrow"></a></p>
<p id="section-4.1-2">WIMSE clients <span class="bcp14">MUST</span> validate that the trust domain portion of the WIMSE certificate matches the expected trust domain for the server side of the connection. It is also <span class="bcp14">RECOMMENDED</span> that the client match the WIMSE identity in the certificate against the WIMSE identity of the workload of the intended server. In this case the trust domain portion of the URI is NOT treated as a host name as specified section 6.4 of RFC 9525 but rather as a trust domain, the server identity is encoded in the path portion of the WIMSE identity in a deployment specific way.<a href="#section-4.1-2" class="pilcrow"></a></p>
<p id="section-4.1-2">WIMSE clients <span class="bcp14">MUST</span> validate that the trust domain portion of the WIMSE certificate matches the expected trust domain for the server side of the connection. It is also <span class="bcp14">RECOMMENDED</span> that the client match the WIMSE identity in the certificate against the WIMSE identity of the workload of the intended server. In this case the trust domain portion of the URI is NOT treated as a host name as specified section 6.4 of <span>[<a href="#RFC9525" class="cite xref">RFC9525</a>]</span> but rather as a trust domain, the server identity is encoded in the path portion of the WIMSE identity in a deployment specific way.<a href="#section-4.1-2" class="pilcrow"></a></p>
<p id="section-4.1-3">In some cases the WIMSE client may connect to the server using a DNS host name in which case the client <span class="bcp14">MUST</span> perform host name validation as defined in 6.3 in RFC 9525.<a href="#section-4.1-3" class="pilcrow"></a></p>
</section>
</div>
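Review bot: the unchanged paragraph section-4.1-3 still reads "as defined in 6.3 in RFC 9525" as plain text, while the 6.4 mention in section-4.1-2 now becomes a [RFC9525] cite xref. That paragraph carries the MUST for DNS host name validation, so it is the one that most needs the normative citation; suggest "as defined in Section 6.3 of [RFC9525]". Because the commit message says this file is script-generated for gh-pages, the change belongs in the draft source, not in this HTML.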
Expand Down Expand Up @@ -1424,9 +1424,13 @@ <h3 id="name-normative-references">
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9421">[RFC9421]</dt>
<dd>
<dd>
<span class="refAuthor">Backman, A., Ed.</span>, <span class="refAuthor">Richer, J., Ed.</span>, and <span class="refAuthor">M. Sporny</span>, <span class="refTitle">"HTTP Message Signatures"</span>, <span class="seriesInfo">RFC 9421</span>, <span class="seriesInfo">DOI 10.17487/RFC9421</span>, <time datetime="2024-02" class="refDate">February 2024</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9421">https://www.rfc-editor.org/rfc/rfc9421</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9525">[RFC9525]</dt>
<dd>
<span class="refAuthor">Saint-Andre, P.</span> and <span class="refAuthor">R. Salz</span>, <span class="refTitle">"Service Identity in TLS"</span>, <span class="seriesInfo">RFC 9525</span>, <span class="seriesInfo">DOI 10.17487/RFC9525</span>, <time datetime="2023-11" class="refDate">November 2023</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9525">https://www.rfc-editor.org/rfc/rfc9525</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
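Review bot: the `<dd>` under the [RFC9421] entry is removed and re-added with no visible difference, so one of the "6 additions & 2 deletions" is presumably whitespace-only churn from the generator. It is harmless, but if the rendering toolchain is not pinned, this kind of noise will keep appearing in gh-pages commits and hide the real change, which here is the new [RFC9525] normative entry.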
6 changes: 5 additions & 1 deletion js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt
Expand Up @@ -224,7 +224,7 @@ Table of Contents
the WIMSE identity in the certificate against the WIMSE identity of
the workload of the intended server. In this case the trust domain
portion of the URI is NOT treated as a host name as specified section
6.4 of RFC 9525 but rather as a trust domain, the server identity is
6.4 of [RFC9525] but rather as a trust domain, the server identity is
encoded in the path portion of the WIMSE identity in a deployment
specific way.

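Review bot: the sentence being touched still reads "as specified section 6.4 of [RFC9525] but rather as a trust domain, the server identity is encoded", which is missing "in" before "section" and joins two statements with a comma. Since the line is being edited anyway, suggest "as specified in Section 6.4 of [RFC9525] but rather as a trust domain. The server identity is encoded in the path portion ...", so the rule that the trust domain is not matched as a host name is unambiguous to implementers.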
Expand Down Expand Up @@ -274,6 +274,10 @@ Table of Contents
Message Signatures", RFC 9421, DOI 10.17487/RFC9421,
February 2024, <https://www.rfc-editor.org/rfc/rfc9421>.

[RFC9525] Saint-Andre, P. and R. Salz, "Service Identity in TLS",
RFC 9525, DOI 10.17487/RFC9525, November 2023,
<https://www.rfc-editor.org/rfc/rfc9525>.

7.2. Informative References

[I-D.ietf-wimse-arch]