[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RFC 3280 and multiple Organization (O) fields in DN

To: Tom Gindin <tgindin@xxxxxxxxxx>
Subject: Re: RFC 3280 and multiple Organization (O) fields in DN
From: Stephen Kent <kent@xxxxxxx>
Date: Thu, 23 Dec 2004 14:09:39 -0500
Cc: ietf-pkix@xxxxxxx, Jostein Tveit <josteitv@xxxxxxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

At 11:46 AM -0500 12/23/04, Tom Gindin wrote:

        IMHO, this rule originated with X.400.  The name form containing
C, O, OU, and CN is largely derived from the "Mnemonic O/R address" of
CCITT (now ITU) X.400, although in that standard there was also a
mandatory administrative domain name.  In that standard, C, O, and CN had
to be single-valued, while OU could have up to four values (see the
MTSUpperBounds ASN.1 module).
        I don't see anything in the directory standards proper (especially
X.520 and X.521, where it would be expected) which is as clear as X.400 in
forbidding multiple values of C and O while permitting them for OU.

Tom Gindin

I think the semantics of the attributes support the notion of one instance for C and O, but multiple instances of OU.

Steve

References:
- Re: RFC 3280 and multiple Organization (O) fields in DN
  - From: Tom Gindin

Prev by Date: Re: RFC 3280 and multiple Organization (O) fields in DN
Next by Date: Re: registration authorities
Previous by thread: Re: RFC 3280 and multiple Organization (O) fields in DN
Next by thread: Re: RFC 3280 and multiple Organization (O) fields in DN
Index(es):
- Date
- Thread