
RE: Basic Cert-2-Directory mapping question



This does not match my memory of what was going on at the time.  My memory said that the Issuer DN was made required to simplify the chaining issues for building names.  I do not remember this as being pushed from the S/MIME working group although several of us from the S/MIME working group probably gave comments on this issue. 
 
jim
-----Original Message-----
From: Stephen Kent [mailto:kent@xxxxxxx]
Sent: Thursday, January 11, 2001 1:56 PM
To: Slone, Skip
Cc: ietf-pkix@xxxxxxx
Subject: RE: Basic Cert-2-Directory mapping question

Skip,

I would just like to add that, in addition to X.521 and some LDAP specs, the ability to recognize civil naming attributes in the issuer and subject fields of an X.509v3 cert is mandated in RFC 2459 (ref section 4.1.2.4) and in son-of-2459.

Ironically, the requirement for support for Issuer names (DNs) vs. allowing an Issuer altname in lieu of a DN, arose because the S/MIME WG was relying on the presence of an Issuer DN in their design, and I believe the motivation for it (Russ can confirm or correct this notion) was to facilitate directory lookup for certs in S/MIME!

<snip>


Steve