[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt
Some minor comments on the table of attributes and values in
Section 2. HTTP Certificate Store Interface:
The paragraph preceeding the table reads:
"Permitted attribute types and associated values are described below.
Arbitrary-length binary values (indicated in the table below) are
converted
into a search key by the process described in section 2.1. Note that
the
values are checked for an exact match, and are therefore
case-sensitive.
Is it necessary to require an exact match for all attributes,
particularly
for such attributes as the email and name attributes? For example, I'm
looking for the cert for Bill Williams, but I don't know if the common
name
is "Bill Williams" or "Will Williams" or "B. Williams", etc, so I might
like
to try a search on just "Williams"
Secondly, the entry for email attribute indicates the value as:
"Subject email address contained in the certificate,
typically as an rfc882Name attribute
Is it necessary the email attribute be from the certificate. Is it
a reasonable or likely situation that a certificate store might use
the email address as an database index even though it's not actually
in the certificate?
Jeff