Re: X.509 certificate and its subject name field



Marc,

	My most recent response to Shyh-Wei (boy, is that ambiguous!) and
David Kemp's recent message  (slightly less ambiguous), for further
comments on these issues.  I don't mean to suggest that the matter is all
worked out and ought not be discussed, but several members of this WG have
spent some time looking into these issues and we are trying to provide some
of the rationale that motivated the decision to denigrate the use of the
SUID field.  The only comment I've heard so far that suggests it might be
worth revisiting this matter is the observation that we have broadened the
scope of names that can be used for the subject (by having a null Subject
field and relying on an AltSubjectName extension).  There is still the
assumption that these other name forms are unique, like DNs, but they each
have different properties and thus not all of the arguments given for why
DNs are good ACL entries (better than SUIDs) are applicable.  Still, I
think the burden of proof is on anyone suggesting a change of the spec to
show why, for any of these other name forms, the SUID-ACL entry approach is
a good one.

Steve