[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt

To: housley@xxxxxxxxxxxx, tgindin@xxxxxxxxxx
Subject: Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Sat, 4 Jan 2003 14:32:02 +1300
Cc: ietf-pkix@xxxxxxx, jjacoby@xxxxxxxxxxxxxxx, pgut001@xxxxxxxxxxxxxxxxx
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

"Tom Gindin" <tgindin@xxxxxxxxxx> writes:

>Of course I have no objection to mentioning a preference for subjectAltName
>over subject for e-mail addresses.  I just thought that anybody actually
>implementing something which extracts e-mail addresses from certificates
>would be helped by knowing all the places which are used in large numbers of
>certificates, not just the approved ones.  In the earlier wording ("an
>rfc822Name attribute") I wasn't sure whether implementors would interpret
>this as the rfc822mailbox directory attribute or the rfc822Name component of
>GeneralName, anyway.

I've actually reworded it to use mostly a very generic "email address
associated with the cert" (someone pointed out that there doesn't actually
have to be an email address in the cert for it to be associated with one). The
intent was never to provide an exhaustive enumeration of all possible places
it could be hidden, just to say that it was whatever address(es) were
associated with the cert.

Peter.

Follow-Ups:
- Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt
  - From: Michael Ströder

Prev by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Next by Date: Re: LDAP PKI Schema (was Re: No-op LDAP ;binary option)
Previous by thread: Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt
Next by thread: Re: I-D ACTION:draft-ietf-pkix-certstore-http-03.txt
Index(es):
- Date
- Thread