From 7954491edc9ac3a738a62dcd9a91df664d0412be Mon Sep 17 00:00:00 2001
From: ID Bot <idbot@example.com>
Date: Sun, 9 Jun 2024 00:40:39 +0000
Subject: [PATCH] Script updating gh-pages from ac6154e. [ci skip]

---
 js-mtls-1/draft-sheffer-wimse-s2s-protocol.html | 8 ++++++--
 js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt  | 6 +++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/js-mtls-1/draft-sheffer-wimse-s2s-protocol.html b/js-mtls-1/draft-sheffer-wimse-s2s-protocol.html
index 7f0cffb..d715693 100644
--- a/js-mtls-1/draft-sheffer-wimse-s2s-protocol.html
+++ b/js-mtls-1/draft-sheffer-wimse-s2s-protocol.html
@@ -1373,7 +1373,7 @@ <h3 id="name-host-name-validation">
 <a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-host-name-validation" class="section-name selfRef">Host Name Validation</a>
         </h3>
 <p id="section-4.1-1">[TODO: the following paragraph needs better alignment with RFC 9525. The following is a very drafty straw man]<a href="#section-4.1-1" class="pilcrow">¶</a></p>
-<p id="section-4.1-2">WIMSE clients <span class="bcp14">MUST</span> validate that the trust domain portion of the WIMSE certificate matches the expected trust domain for the server side of the connection.  It is also <span class="bcp14">RECOMMENDED</span> that the client match the WIMSE identity in the certificate against the WIMSE identity of the workload of the intended server. In this case the trust domain portion of the URI is NOT treated as a host name as specified section 6.4 of RFC 9525 but rather as a trust domain, the server identity is encoded in the path portion of the WIMSE identity in a deployment specific way.<a href="#section-4.1-2" class="pilcrow">¶</a></p>
+<p id="section-4.1-2">WIMSE clients <span class="bcp14">MUST</span> validate that the trust domain portion of the WIMSE certificate matches the expected trust domain for the server side of the connection.  It is also <span class="bcp14">RECOMMENDED</span> that the client match the WIMSE identity in the certificate against the WIMSE identity of the workload of the intended server. In this case the trust domain portion of the URI is NOT treated as a host name as specified section 6.4 of <span>[<a href="#RFC9525" class="cite xref">RFC9525</a>]</span> but rather as a trust domain, the server identity is encoded in the path portion of the WIMSE identity in a deployment specific way.<a href="#section-4.1-2" class="pilcrow">¶</a></p>
 <p id="section-4.1-3">In some cases the WIMSE client may connect to the server using a DNS host name in which case the client <span class="bcp14">MUST</span> perform host name validation as defined in 6.3 in RFC 9525.<a href="#section-4.1-3" class="pilcrow">¶</a></p>
 </section>
 </div>
@@ -1424,9 +1424,13 @@ <h3 id="name-normative-references">
 <span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
 <dd class="break"></dd>
 <dt id="RFC9421">[RFC9421]</dt>
-      <dd>
+        <dd>
 <span class="refAuthor">Backman, A., Ed.</span>, <span class="refAuthor">Richer, J., Ed.</span>, and <span class="refAuthor">M. Sporny</span>, <span class="refTitle">"HTTP Message Signatures"</span>, <span class="seriesInfo">RFC 9421</span>, <span class="seriesInfo">DOI 10.17487/RFC9421</span>, <time datetime="2024-02" class="refDate">February 2024</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9421">https://www.rfc-editor.org/rfc/rfc9421</a>&gt;</span>. </dd>
 <dd class="break"></dd>
+<dt id="RFC9525">[RFC9525]</dt>
+      <dd>
+<span class="refAuthor">Saint-Andre, P.</span> and <span class="refAuthor">R. Salz</span>, <span class="refTitle">"Service Identity in TLS"</span>, <span class="seriesInfo">RFC 9525</span>, <span class="seriesInfo">DOI 10.17487/RFC9525</span>, <time datetime="2023-11" class="refDate">November 2023</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9525">https://www.rfc-editor.org/rfc/rfc9525</a>&gt;</span>. </dd>
+<dd class="break"></dd>
 </dl>
 </section>
 </div>
diff --git a/js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt b/js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt
index 73829e6..ecab9d1 100644
--- a/js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt
+++ b/js-mtls-1/draft-sheffer-wimse-s2s-protocol.txt
@@ -224,7 +224,7 @@ Table of Contents
    the WIMSE identity in the certificate against the WIMSE identity of
    the workload of the intended server.  In this case the trust domain
    portion of the URI is NOT treated as a host name as specified section
-   6.4 of RFC 9525 but rather as a trust domain, the server identity is
+   6.4 of [RFC9525] but rather as a trust domain, the server identity is
    encoded in the path portion of the WIMSE identity in a deployment
    specific way.
 
@@ -274,6 +274,10 @@ Table of Contents
               Message Signatures", RFC 9421, DOI 10.17487/RFC9421,
               February 2024, <https://www.rfc-editor.org/rfc/rfc9421>.
 
+   [RFC9525]  Saint-Andre, P. and R. Salz, "Service Identity in TLS",
+              RFC 9525, DOI 10.17487/RFC9525, November 2023,
+              <https://www.rfc-editor.org/rfc/rfc9525>.
+
 7.2.  Informative References
 
    [I-D.ietf-wimse-arch]