[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft and multi-valued RDNs (was: draft minutes)
Stephen Kent,
DST has been useing a multivalued RDN in EndEntity certificates for a number
of PKIs and since 1999 when we started issuing certificates. We only do
this for End Entities not servers. Basically the certificate SubDN looks
like the following.
0.9.2342.19200300.100.1.1 = D01E473E000000F58FE3DDDC00000709,E =
rweiser@xxxxxxxxxxxx, CN = Russel F Weiser,O = TrustID personal
certificate,C = US
We have used this with numerous and integrated with many applications.
So is the issue that microsoft Active Directory will not support multivalued
RDNs or that there Applications don't ?? I'm just trying to understand the
issue more clearly.
----- Original Message -----
From: "Michael Ströder" <michael@xxxxxxxxxxxx>
To: <ietf-pkix@xxxxxxx>
Sent: Thursday, July 24, 2003 3:47 AM
Subject: Microsoft and multi-valued RDNs (was: draft minutes)
>
> Stephen Kent wrote:
> >
> > LDAP Documents:
> > [..]
> > Biggest issue on the table for the schema document is that
> > Microsoft says it will not support multi-valued attributes (e.g., a
> > terminal RDN that is a set consisting of a common name and a serial
> > number).
>
> Could someone please elaborate on this?
>
> One of my customers is planning to use exactly this naming scheme with
> multi-valued RDNs in a rather large PKI deployment and so we're scared
about
> interoperability issues.
>
> Ciao, Michael.
>
>