Re: X.509 certificate and its subject name field
- To: Shyh-Wei Luan <luan@xxxxxxxxxxxxxxx>
- Subject: Re: X.509 certificate and its subject name field
- From: Stephen Kent <kent@xxxxxxx>
- Date: Wed, 28 May 1997 16:02:53 -0400
- Cc: ietf-pkix@xxxxxxxxxx, ssl-talk@xxxxxxxxxxxx
- References: Nick Pope <pope@secstan.demon.co.uk> "Re: X.509 certificate and its subject name field" (May 28, 11:34am); Stephen Kent <kent@bbn.com> "Re: X.509 certificate and its subject name field" (May 27 1:46pm)
Shyh-Wei Luan,
A driver's license number would be a fine DN component for a state
issuing the cert equivalent of licenses; it need not be put in the Sub UID
field. Look at the SET spec and note how they handled this issue based on
credit card numbers.
Still, the issue is that an arbitrary Subject UID value makes for a
terrible ACL entry, by itself. It creates a tremendous opportunity for
management errors, as one cannot look at the ACL entry to figure out who is
authorized to do what. Instead, one must go through a (trusted) mapping
from Subject UID to Subject name. That is the point several of us have
been making.
Steve