
RE: Comments about Part 2



>3.2.1 CertTemplate definition
>
>Why are issuer and Subject defined as Name instead of GeneralName?

The definition of Certificate in X.509 uses Name for subject and issuer.
Unless we wish for PKIX to be incompatible with X.509 (and that would
be bad, by definition of PKIX, right?  :->), we should continue to use
Name instead of GeneralName for these fields.  Note that PKIX pt1
describes an accommodation that works as well, and that is to have null
subject or issuer, with their identity being carried in the
subjectAltName or issuerAltName extension.
>
>3.2.4 Certificate Identification
>
>Shouldn't serialNumber be a CertificateSerialNumber?

That seems right, for the sake of complete accuracy (in the end, they
are the same thing, as CertificateSerialNumber is defined as INTEGER).

pww