[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-pkix-new-part1-08

To: ietf-pkix@xxxxxxx
Subject: draft-ietf-pkix-new-part1-08
From: Peter Sylvester <Peter.Sylvester@xxxxxxxxxx>
Date: Wed, 22 Aug 2001 15:04:46 +0200 (MET DST)
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx


Chapter 4.1.1.11 says:

   When applying restrictions of the form directoryName, an
   implementation MUST compare DN attributes.  At a minimum,
   implementations MUST perform the DN comparison rules specified in
   Section 4.1.2.4.  CAs issuing certificates with a restriction of the
   form directoryName SHOULD NOT rely on implementation of the full ISO
   DN name comparison algorithm.  This implies name restrictions shall
   be stated identically to the encoding used in the subject field or
   subjectAltName extension.

Does this mean that excludedSubtrees are practically unusable ?

Follow-Ups:
- Re: draft-ietf-pkix-new-part1-08
  - From: Housley, Russ
- Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08)
  - From: Steve Hanna

Prev by Date: I-D ACTION:draft-ietf-pkix-pkalgs-supp-00.txt
Next by Date: Path validation and self-signed certificates (was RE: Recommended changes to draft-ietf-pkix-new-part1-08)
Previous by thread: I-D ACTION:draft-ietf-pkix-pkalgs-supp-00.txt
Next by thread: Re: excludedSubtrees (was Re: draft-ietf-pkix-new-part1-08)
Index(es):
- Date
- Thread