Re: Can we form certificates with just name and e-mail address
> From: Stefan Santesson <stefan@accurata.se>
>
> ...
>
> Why can't an e-mail address be part of a reasonable DN? (I guess that's
> what the current text implies)
>
> /Stefan

DNS is a (the only?) universal-coverage name registration system, and
although one would never know it by examining current X.509
certificates, "reasonable" does not have to mean "beginning with a
Country= RDN". So one reasonable DN might be:

    "DC=se, DC=accurata, SN=stefan + CN=Stefan Santesson"

This is semantically identical to a null DN and an rfc822Name in the
subjectAltName extension, and if there were an RFC spelling out some
equivalence rules, applications might someday be able to translate
between the rfc822Name format and the RDNSequence format as required.
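
Added example, not part of the original message: a sketch of the translation the message imagines between an rfc822Name and a DC-based RDN sequence. The mapping rules (domain labels to DC, local part to SN, optional CN supplied separately) and all function names are assumptions modelled on the example DN above; no RFC defines them.

```python
import re

# Hypothetical equivalence rules; the message notes that no RFC spells any out.
# Characters that RFC 4514 requires to be escaped in a DN string value.
_SPECIAL = re.compile(r'([,+"\\<>;])')

def escape_value(value):
    """Escape an attribute value for the string form of a DN."""
    out = _SPECIAL.sub(r"\\\1", value)
    if out[:1] in ("#", " "):          # a leading '#' or space must be escaped
        out = "\\" + out
    return out

def rfc822_to_rdns(addr, common_name=None):
    """Map local@domain to [[(type, value), ...], ...], most significant RDN first."""
    local, at, domain = addr.rpartition("@")   # last '@' separates the domain
    labels = domain.lower().split(".")         # DNS names compare case-insensitively
    if not at or not local or not all(labels):
        raise ValueError("not a usable rfc822Name: %r" % addr)
    rdns = [[("DC", label)] for label in reversed(labels)]
    leaf = [("SN", local)]                     # local part kept as SN, as in the message
    if common_name:                            # CN cannot be derived from the address
        leaf.append(("CN", common_name))
    rdns.append(leaf)
    return rdns

def rdns_to_string(rdns):
    """Render in the order the message uses (RFC 4514 strings list RDNs in reverse)."""
    return ", ".join(
        " + ".join("%s=%s" % (t, escape_value(v)) for t, v in rdn) for rdn in rdns
    )

def rdns_to_rfc822(rdns):
    """Reverse mapping; rejects any DN that does not fit the assumed shape."""
    *dcs, leaf = rdns
    if not dcs or any(len(r) != 1 or r[0][0] != "DC" for r in dcs):
        raise ValueError("every RDN above the leaf must be a single DC")
    local = [v for t, v in leaf if t == "SN"]
    if len(local) != 1:
        raise ValueError("leaf RDN must carry exactly one SN")
    return "%s@%s" % (local[0], ".".join(r[0][1] for r in reversed(dcs)))

if __name__ == "__main__":
    dn = rfc822_to_rdns("stefan@accurata.se", "Stefan Santesson")
    print(rdns_to_string(dn))
    print(rdns_to_rfc822(dn))
```

The reverse direction discards the CN, so a relying party comparing the two forms can only match on the DC and SN components under these assumed rules.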