Re: X.509 certificate and its subject name field
Peter,
The cert fingerprint is a useful notion, when used in conjunction
with the rest of the DN. By itself, it's an awful way to identify a user,
as it is not at all descriptive. It also fails to satisfy one of the
attributes that Marc and some others desire. Specifically, a change to
any part of the cert will result in a new fingerprint, and this means that
even if the user in question is still authorized, a largely irrelevant
change to the cert would invalidate the ACL entry. I'm not suggesting a
better, single value to use, just pointing out that there may be no simple,
single attribute that will satisfy all of the criteria being proposed.
Steve
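
The brittleness described in the message above, as an added example that is not part of the original thread: a certificate is reissued for the same subject and the same key, and an ACL keyed on the fingerprint stops matching. The DN, file names and the `acl_permits` helper are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: key, certificates and ACL are constructed, not from the thread.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

SUBJ="/O=Example Org/CN=Alice Example"   # constructed DN

# One key pair, reused for both certificates (the user keeps the same key).
openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/key.pem"

# issue_cert <out> <days>: self-signed cert for SUBJ over the same key.
# Serial number and validity differ between issues; nothing else does.
issue_cert() {
  openssl req -new -x509 -key "$WORK/key.pem" -subj "$SUBJ" \
    -days "$2" -out "$1" 2>/dev/null
}

# SHA-256 over the entire DER-encoded certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

cert_subject() {
  openssl x509 -in "$1" -noout -subject
}

# SHA-256 over the public key only, to show the key did not change.
spki_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Hypothetical ACL: one authorized fingerprint per line.
acl_permits() {
  grep -qxF "$(cert_fingerprint "$1")" "$WORK/acl.txt"
}

issue_cert "$WORK/old.pem" 365
issue_cert "$WORK/new.pem" 730              # reissued cert, same subject and key
cert_fingerprint "$WORK/old.pem" > "$WORK/acl.txt"

for c in old new; do
  if acl_permits "$WORK/$c.pem"; then verdict=permit; else verdict=deny; fi
  echo "$c: $(cert_subject "$WORK/$c.pem") -> $verdict"
done
```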