[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: 3280bis: CRL validation

To: Sharon Boeyen <sharon.boeyen@xxxxxxxxxxx>
Subject: RE: 3280bis: CRL validation
From: Stephen Kent <kent@xxxxxxx>
Date: Fri, 3 Jun 2005 13:53:16 -0400
Cc: "'Denis Pinkas'" <Denis.Pinkas@xxxxxxxx>, "David A. Cooper" <david.cooper@xxxxxxxx>, pkix <ietf-pkix@xxxxxxx>
In-reply-to: <7A3E1242FA9989439AD1F9B2D71C287F03A03350@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <7A3E1242FA9989439AD1F9B2D71C287F03A03350@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Sharon,

I agree that the X.500 model of naming assumes unambiguous names andthat X.509, inherits this model. However, in reality, we do not havea global DIT and thus there are no good assurances that CAs operatingin different contexts will not issue certs to different entitiesusing the same subject DN. As a result, I think we have to developstandards guidance that acknowledges the potential of DN reuse underdifferent CAs.


Steve

References:
- RE: 3280bis: CRL validation
  - From: Sharon Boeyen

Prev by Date: RE: Absent keyUsage in certificates
Next by Date: Re: Absent keyUsage in certificates
Previous by thread: RE: 3280bis: CRL validation
Next by thread: RE: 3280bis: CRL validation
Index(es):
- Date
- Thread