Re: Can we form certificates with just name and e-mail address
Stefan Santesson wrote:
> ....
>
> Why can't an e-mail address be part of a reasonable DN? (I guess that's
> what the current text implies)
>
There is no reason that it can't be. In fact, I believe that e=name@isp.com is a
perfectly good DN. It's probably not a good DN in the X.509 world, since it isn't
very helpful in locating the portion of the "global" directory that actually
contains the entry. It is a unique name and probably will work in many LDAP or
other directory environments.
The RFC deprecates using an email component of the DN as the RFC822 name for
delivering email. This means that you need to put the email address in the
Subject Alternate Name extension as well, to allow S/MIME (and other) applications
to find it there. It does not mean that it is disallowed as a component in the
DN.
Terry
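An added example, not part of the original message: one way to lint a certificate for the situation described above, where the e-mail address appears in the subject DN but is missing from the Subject Alternative Name extension as an rfc822Name. It assumes the third-party Python `cryptography` package; the function names and the throwaway self-signed certificates are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec


def make_cert(dn_email, san_emails):
    """Build a throwaway self-signed cert (constructed sample input)."""
    key = ec.generate_private_key(ec.SECP256R1())
    # Subject DN consisting only of an emailAddress attribute, as in the thread.
    name = x509.Name([x509.NameAttribute(NameOID.EMAIL_ADDRESS, dn_email)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
    )
    if san_emails:
        san = x509.SubjectAlternativeName([x509.RFC822Name(e) for e in san_emails])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(key, hashes.SHA256())


def _norm(addr):
    # Only the domain part is compared case-insensitively.
    local, _, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}"


def dn_emails_missing_from_san(cert):
    """Return DN e-mail addresses that have no matching rfc822Name in the SAN."""
    attrs = cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS)
    dn = {_norm(a.value) for a in attrs}
    try:
        ext = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        san = {_norm(e) for e in ext.value.get_values_for_type(x509.RFC822Name)}
    except x509.ExtensionNotFound:
        san = set()  # no SAN extension at all
    return sorted(dn - san)


if __name__ == "__main__":
    print(dn_emails_missing_from_san(make_cert("name@isp.com", [])))
```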