
RE: SubjectAltName verification



     I am not sure that VeriSign class 1's E-mail address usage is
unverified, as opposed to rather weakly verified, because the
challenge/response serves as a form of POP.  Whether this is an adequate
POP is more questionable.
     Furthermore, a number of fields which are placed in certificates are
restrictions on usage and cannot be verified by the CA.  The most obvious
such fields are the KeyUsage and ExtendedKeyUsage extensions.
     This does not, however, necessarily mean that the CA can avoid
responsibility for verifying identity fields and other fields that are
verifiable, such as Subject, SubjectPublicKey, SubjectAltName, and
SubjectDirectoryAttributes.

          Tom Gindin