[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PKIX Part I - Name Constraints

To: Warwick Ford <wford@xxxxxxxxxxxx>
Subject: Re: PKIX Part I - Name Constraints
From: Russ Housley <housley@xxxxxxxxxx>
Date: Thu, 11 Sep 1997 20:56:24 -0400
Cc: ietf-pkix@xxxxxxxxxx
In-reply-to: <>

Warwick:

1.  I would like to encourage the use of alt names.  In my mind, they are
highly preferable to the alternatives.  I'm sure you agree.

2.  To deal with the exception that you propose, we need to add a
dependency between rfc822 alt names and X.500 Distinguished Names.  I do
not like this if we can avoide it.

Russ

At 05:44 PM 9/11/97 -0400, Warwick Ford wrote:
>I wish to propose a minor addition to 4.2.1.11 (Name Constraints) of PKIX
>Part I.  
>
>Regarding RFC822Name, the most common way to convey an e-mail address today
>is as a PKCS#9 e-mail attribute in the subject DN.  Migration to
>subjectAltNames will undoubtedly occcur in time, and the profile correctly
>covers that future.  However, to ensure that the intent of Name Constraints
>is met given current styles of naming, I propose that we additionally state
>that "Restrictions for the rfc822 name form shall also apply to any
>instance of the PKCS#9 E-mail Name attribute type present in a subject DN."
>
>Warwick
>
>---------------------------------------------------------------------
>Warwick Ford, VeriSign, Inc., One Alewife Center, Cambridge, MA 02140
>   wford@verisign.com; Tel: (617)492 2816 x225; Fax: (617)661 0716
>---------------------------------------------------------------------
> 
>

References:
- PKIX Part I - Name Constraints
  - From: Warwick Ford

Prev by Date: Re: PKIX-3 Extensibility
Next by Date: Re: Policy Contraints Object Identifier
Previous by thread: PKIX Part I - Name Constraints
Next by thread: Re: PKIX Part I - Name Constraints
Index(es):
- Date
- Thread