[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: URN in subjectAltName

To: Milan Sova <sova+pkix@xxxxxxxxx>, ietf-pkix@xxxxxxxx
Subject: Re: URN in subjectAltName
From: Russ Housley <housley@xxxxxxxxxxxx>
Date: Sun, 28 Jan 2007 02:16:21 -0500
In-reply-to: <45B94A66.3030107@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <45B94A66.3030107@xxxxxxxxx>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At the time that RFC 2459 was written, URLs were the only thingsmature enough to include here. No one asked this question during theupdate to RFC 2459, which resulted in RFC 3280.


Going forward, I see two possible ways to go forward:

1) Revisit the uri choice, and see if people think URNs ought to bepermitted. One obvious question is to determine whether existingimplementations would fail badly if a URN was received here.


2) Define a way to carry URNs in an other name.

Russ

At 07:25 PM 1/25/2007, Milan Sova wrote:

        Hi.

        In our project, we mark end entities with URNs and need to include
these names in the certificates. We started with using
subjectAltName.URI field for this (as URN is a "subtype" of URI).
However, this practice clashes with RFC 3280 which explicitly requires
absolute URL for the field.

        Is there any specific reason for excluding URNs from subjectAltName?

        Regards
--
                                                Milan Sova

Follow-Ups:
- Re: URN in subjectAltName
  - From: Milan Sova
- Re: URN in subjectAltName
  - From: Paul Hoffman

References:
- URN in subjectAltName
  - From: Milan Sova

Prev by Date: Re: URN in subjectAltName
Next by Date: Re: URN in subjectAltName
Previous by thread: Re: What is the right list name
Next by thread: Re: URN in subjectAltName
Index(es):
- Date
- Thread