Re: Can we form certificates with just name and e-mail address
You put your common name (or given name + surname) in the SubjectName field
and your e-mail address in the rfc822Name field in a SubjectAlternativeName
field extension. I don't think that it is too important if the SubjectName
is not unique; the combination of SubjectName and SerialNo has to be unique.

Alternatively, you can leave the SubjectName field blank (unusual but the
standard permits it) and put your common name in a directoryName field in
your alternative name and your e-mail address in an rfc822Name. While
you're at it, why not include the URL of your homepage in a uRI field!
Remember that a SubjectAlternativeName is type GeneralNames, which means it
can have any number of elements.

On the subject of alternative names, what exactly is an ediPartyName,
anybody? I know that EDI stands for "Electronic Data Interchange" but I
don't know anything more.

Also, I have to say that I think it's crazy that your e-mail address has to
go into an extension, or can only be placed in the name field by means of a
(deprecated) kludge. In a world context, your e-mail address is as
important (at least) as your X.500 characteristics. If I get a personal
certificate, I don't have an "organization" or an "organizational unit" -
it's just me.

Christopher Williams
Software engineer, NetLexis Ltd.
http://www.netlexis.com "Intelligent Trust"
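
The alternative-name layout described in the message above, as an added example that is not part of the original post: standard-library Python that DER-encodes just the SubjectAltName value (not a whole certificate) with a directoryName, an rfc822Name and a URI, then parses it back. The name, address and URL are constructed sample values and the helper names are hypothetical.

```python
# Added example: build and parse a SubjectAltName (GeneralNames) value in DER.
# All names, addresses and URLs are constructed sample values.

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with short or long definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

OID_CN = bytes([0x55, 0x04, 0x03])  # 2.5.4.3, commonName

def directory_name(cn: str) -> bytes:
    """Name: SEQUENCE OF RDN, here one RDN with one commonName attribute."""
    atv = tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode("utf-8")))
    return tlv(0x30, tlv(0x31, atv))

def subject_alt_name(cn: str, email: str, uri: str) -> bytes:
    """GeneralNames: SEQUENCE OF GeneralName, one element per name form."""
    return tlv(0x30,
               tlv(0xA4, directory_name(cn))        # [4] directoryName, explicit tag
               + tlv(0x81, email.encode("ascii"))   # [1] rfc822Name, IA5String
               + tlv(0x86, uri.encode("ascii")))    # [6] uniformResourceIdentifier

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); reject lengths that overrun the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low bits give the number of length octets
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

FORMS = {0xA4: "directoryName", 0x81: "rfc822Name", 0x86: "uniformResourceIdentifier"}

def parse_general_names(der: bytes):
    """List (form, raw value) for each element; unknown tags are shown in hex."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single GeneralNames SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        t, value, pos = read_tlv(body, pos)
        out.append((FORMS.get(t, hex(t)), value))
    return out
```

When the subject is left empty as the message describes, RFC 5280 requires the subjectAltName extension to be marked critical.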