[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encoding of "dc" in DNs

To: "PKIX Mailing List" <ietf-pkix@xxxxxxx>
Subject: Encoding of "dc" in DNs
From: Volker Hammer <hammer@xxxxxxxxxx>
Date: Thu, 13 Apr 2000 18:05:05 +0200

Hi,

we use the "dc"-Attribute (domain component) to build distinguished names in multinational enterprises.

We need to decide how the "dc"-attribute should be encoded in implementations of the subject distinguished name and issuer dn within certificates as well as for X.500 directory information tree distinguished names. RFC2247 (X.500 OID DomainComponent) tells "IA5 string". Some CA products use "printableString", which is in accordance with recommendation of "DirectoryString" in X.500 ff. But the latter is only a recommendation and not enforced, so IA5 string seems to be correct.

Questions:

* Will interop problems in clients arise when using "the other" encoding (client expects IA5 but find printableString and vice versa)

* Products using printableString: will this be corrected in accordance to RFC2247?

* Other recommendations from the list?

Thanks in advance,
Volker Hammer.
--------------------------------------------------------
Dr.-Ing. Volker Hammer
Security Consultant

Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe

Tel. +49 721 6105-458, Fax +49 721 6105-455
E-Mail hammer@secorvo.de, http://www.secorvo.de
--------------------------------------------------------
PGP-Fingerprint    3C9C AD64 AC6B 64CC  FA6B AE8D 2A5D 462D

Follow-Ups:
- Re: Encoding of "dc" in DNs
  - From: Juergen Brauckmann

Prev by Date: Re: Permanent identifiers in QC
Next by Date: Re: Global unique identifier
Previous by thread: testing
Next by thread: Re: Encoding of "dc" in DNs
Index(es):
- Date
- Thread