
Re: URN in subjectAltName



Russ,

We're using Active Directory UPNs, not URNs.  I was wondering why this was
a big deal.

Dave S.

>
> David:
>
> Can you document what you are doing so that everyone that needs a URN
> can do it the same way?
>
> Russ
>
>
> At 09:31 AM 1/30/2007, David Simonetti wrote:
>>A US Federal agency which I support is planning on using the otherName
>>field to convey the URN.  This agency is issuing more than 80,000
>>certificates.  I think use of URN may be more prevalent with those
>>implementing Active Directory than is realized.
>>
>>I believe defining URN via otherName is sufficient.  We're conveying it
>>as a UTF8String.
>>
>>Dave S.
>>
>> >
>> > At 2:16 AM -0500 1/28/07, Russ Housley wrote:
>> >>At the time that RFC 2459 was written, URLs were the only things
>> >>mature enough to include here.  No one asked this question during
>> >>the update to RFC 2459, which resulted in RFC 3280.
>> >>
>> >>Going forward, I see two possible ways to go forward:
>> >>
>> >>1) Revisit the uri choice, and see if people think URNs ought to be
>> >>permitted.  One obvious question is to determine whether existing
>> >>implementations would fail badly if a URN was received here.
>> >
>> > This seems like overkill given the low usage of URNs as identifiers
>> > that are associated with public keys.
>> >
>> >>2) Define a way to carry URNs in an other name.
>> >
>> > Anders and I have suggested two legal ways to do this already.
>> >
>> > --Paul Hoffman, Director
>> > --VPN Consortium
>> >
>> >
>>
>>
>>--
>>Regards,
>>David Simonetti
>>Jacob & Sundstrom, Inc.
>>410-356-1067
>
>


-- 
Regards,
David Simonetti
Jacob & Sundstrom, Inc.
410-356-1067
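
The encoding discussed in this thread (a subjectAltName otherName whose value is a UTF8String), shown as an added example that is not part of the original messages: it builds the DER for one GeneralName entry and parses it back strictly, rejecting any other string type or type-id. The Microsoft UPN type-id OID, the sample name `user@example.test` and all function names are assumptions for illustration and do not come from the thread.

```python
# Added example (not from the thread): otherName with a UTF8String value.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # Microsoft UPN type-id; assumed, not on the page

def _tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + body

def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, low group first
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))

def encode_other_name(type_id, text):
    value = _tlv(0xA0, _tlv(0x0C, text.encode("utf-8")))  # value [0] EXPLICIT UTF8String
    return _tlv(0xA0, _oid(type_id) + value)              # GeneralName otherName [0]

def _read(buf, pos, want_tag):
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: DER requires the minimal encoding
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if n == 0 or n > 4 or len(buf) < pos + n or buf[pos] == 0 or length < 0x80:
            raise ValueError("malformed or non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + length], pos + length

def decode_other_name(der, expected_type_id):
    body, end = _read(der, 0, 0xA0)
    if end != len(der):
        raise ValueError("trailing bytes after otherName")
    oid = _oid(expected_type_id)
    if not body.startswith(oid):
        raise ValueError("unexpected type-id")
    wrapped, end = _read(body, len(oid), 0xA0)
    text, inner_end = _read(wrapped, 0, 0x0C)  # only UTF8String is accepted
    if end != len(body) or inner_end != len(wrapped):
        raise ValueError("trailing bytes inside otherName")
    return text.decode("utf-8")  # invalid UTF-8 raises UnicodeDecodeError
```

A relying party that maps this value to an account should match on the exact type-id and string type, as the parser does, rather than accepting any otherName that happens to contain text.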