
Re: URN in subjectAltName




David:

Can you document what you are doing so that everyone that needs a URN can do it the same way?

Russ


At 09:31 AM 1/30/2007, David Simonetti wrote:
A US Federal agency which I support is planning on using the otherName
field to convey the URN.  This agency is issuing more than 80,000
certificates.  I think use of URN may be more prevalent with those
implementing Active Directory than is realized.

I believe defining URN via otherName is sufficient.  We're conveying it as
a UTF8String.

Dave S.

>
> At 2:16 AM -0500 1/28/07, Russ Housley wrote:
>>At the time that RFC 2459 was written, URLs were the only things
>>mature enough to include here.  No one asked this question during
>>the update to RFC 2459, which resulted in RFC 3280.
>>
>>Going forward, I see two possible ways to go forward:
>>
>>1) Revisit the uri choice, and see if people think URNs ought to be
>>permitted.  One obvious question is to determine whether existing
>>implementations would fail badly if a URN was received here.
>
> This seems like overkill given the low usage of URNs as identifiers
> that are associated with public keys.
>
>>2) Define a way to carry URNs in an other name.
>
> Anders and I have suggested two legal ways to do this already.
>
> --Paul Hoffman, Director
> --VPN Consortium
>
>


--
Regards,
David Simonetti
Jacob & Sundstrom, Inc.
410-356-1067
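
The encoding described in the thread (a URN carried in a subjectAltName otherName as a UTF8String), worked through byte by byte in Python as an added example; it is not code from the thread or from the agency's implementation. The type-id OID `2.999.1`, the sample URN in the usage note, and all helper names are constructed placeholders, since the thread does not state the OID actually used.

```python
# Added example. URN_TYPE_ID is a constructed placeholder under the 2.999
# example arc; the thread does not give the OID the agency actually uses.
URN_TYPE_ID = "2.999.1"

def tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def encode_urn_other_name(urn, type_id=URN_TYPE_ID):
    value = tlv(0xA0, tlv(0x0C, urn.encode("utf-8")))  # value [0] EXPLICIT UTF8String
    return tlv(0xA0, encode_oid(type_id) + value)      # otherName [0] IMPLICIT OtherName

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_urn_other_name(der, type_id=URN_TYPE_ID):
    tag, body, end = read_tlv(der)
    if tag != 0xA0 or end != len(der):
        raise ValueError("not an otherName GeneralName")
    t_oid, oid, pos = read_tlv(body)
    t_val, wrapped, end = read_tlv(body, pos)
    if t_oid != 0x06 or t_val != 0xA0 or end != len(body):
        raise ValueError("malformed OtherName")
    if tlv(0x06, oid) != encode_oid(type_id):
        raise ValueError("unexpected type-id")
    t_str, text, end = read_tlv(wrapped)
    if t_str != 0x0C or end != len(wrapped):
        raise ValueError("value is not a single UTF8String")
    return text.decode("utf-8")  # strict decode: invalid UTF-8 raises ValueError
```

Calling `encode_urn_other_name("urn:example:device:1234")` with this constructed URN yields a 34-byte GeneralName beginning `a0 20 06 03 88 37 01 a0 19 0c 17`. The decoder rejects any other type-id or string type, which is the check a relying party needs if issuers are to carry URNs the same way.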