Re: URN in subjectAltName
Hi

You can put whatever you want including URNs in a serialNumber attribute.
I would though also consider using a scheme where you separate the identity
part from the authority/registry. Like if your URN is:

    serialNumber=urn:com:example:id:3456

you might as well use something like:

    serialNumber=<guid registry="urn:com:example:id">3456</guid>

[some "-mangling removed for brevity]

which has the advantage that it is a universal XML-ish way of specifying
a globally unique id where you don't have to know how the registry part
is constructed in order to get the id. Although true URNs are cool, I
would still not rule out using HTTP URIs because then the registry part
would typically point to a web-page showing data associated with the
identity name space.

Anders

----- Original Message -----
From: "Milan Sova" <sova+pkix@xxxxxxxxx>
To: <ietf-pkix@xxxxxxxx>
Sent: Friday, January 26, 2007 01:25
Subject: URN in subjectAltName

Hi.

In our project, we mark end entities with URNs and need to include
these names in the certificates. We started with using
subjectAltName.URI field for this (as URN is a "subtype" of URI).
However, this practice clashes with RFC 3280 which explicitly requires
absolute URL for the field.

Is there any specific reason for excluding URNs from subjectAltName?

Regards
--
Milan Sova
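
Added example, not part of either message: Python that splits the two serialNumber forms shown in the reply into registry and identifier. The function names and the KNOWN_REGISTRIES list are assumptions made for this illustration; the URN form needs that list to find the split point, while the <guid> form carries the registry explicitly.

```python
import xml.etree.ElementTree as ET

# Hypothetical list of registries this relying party knows (URN form only).
KNOWN_REGISTRIES = ("urn:com:example:id",)

def split_serial_number(value, known_registries=KNOWN_REGISTRIES):
    """Return (registry, identifier) from a serialNumber attribute value.

    Raises ValueError for anything that is not one of the two forms above.
    """
    value = value.strip()
    if value.startswith("<"):
        return _split_guid_element(value)
    if value.lower().startswith("urn:"):
        return _split_urn(value, known_registries)
    raise ValueError("unrecognised serialNumber form")

def _split_guid_element(value):
    # Certificate fields are untrusted input: refuse DTDs, entities and
    # processing instructions before handing the string to an XML parser.
    if "<!" in value or "<?" in value:
        raise ValueError("DTD/PI not allowed in guid element")
    try:
        elem = ET.fromstring(value)
    except ET.ParseError as exc:
        raise ValueError(f"malformed guid element: {exc}") from None
    registry = elem.get("registry")
    ident = (elem.text or "").strip()
    if elem.tag != "guid" or len(elem) or not registry or not ident:
        raise ValueError("expected <guid registry=...>id</guid>")
    return registry, ident

def _split_urn(value, known_registries):
    # A bare URN does not say where the registry ends, so the longest
    # known prefix followed by ':' decides the split.
    for registry in sorted(known_registries, key=len, reverse=True):
        prefix = registry + ":"
        if value.startswith(prefix) and len(value) > len(prefix):
            return registry, value[len(prefix):]
    raise ValueError("URN does not belong to a known registry")
```
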