diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index aafdad743a..99a0784257 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -20,7 +20,16 @@ Security Fixes Known Issues ~~~~~~~~~~~~ -- None. +- According to RFC 8310, Section 8.1, the Subject field MUST NOT be + inspected when verifying a remote certificate while establishing a + DNS-over-TLS connection. Only SubjectAltName must be checked + instead. Unfortunately, some quite old versions of cryptographic + libraries might lack the functionality to ignore the Subject + field. It should have minimal production use consequences, as most + of the production-ready certificates issued by certificate + authorities will have SubjectAltNames set. In such a case, the + Subject field is ignored. Only old platforms are affected by this, + e.g., those supplied with OpenSSL versions older than 1.1.1. New Features ~~~~~~~~~~~~
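Review bot: The sentence "In such a case, the Subject field is ignored." in the new Known Issues entry contradicts the preceding claim that old libraries "lack the functionality to ignore the Subject field", so the reader cannot tell what actually happens on an affected platform; spell out the two cases separately, e.g. "When the certificate carries a SubjectAltName, only that extension is matched and the Subject is not consulted. When it carries no SubjectAltName, affected platforms may fall back to the Subject field, which RFC 8310, Section 8.1 forbids." Also tighten "some quite old versions of cryptographic libraries might lack" and "It should have minimal production use consequences" to concrete statements: name the library behaviour that is missing, and say that the deviation only matters for certificates without a SubjectAltName, since that is the condition the rest of the paragraph relies on. Finally, "those supplied with OpenSSL versions older than 1.1.1" reads as the definitive list of affected platforms while "e.g." marks it as an example; pick one, and keep the version bound only if it has been verified against the library in question.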