[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IETF-PKIX] Question about SubjectAltNames
Jim,
X.520 indicates that commonName is a reasonable solution. It
states that:
"The Common Name attribute type specifies an identifier of an object.
A Common Name is not a directory name; it is a (possibly ambiguous)
name by which the object is commonly known in some limited scope
(such as an organization) and conforms to the naming conventions of
the country or culture with which it is associated."
This seems to cover your need. Examples are also given there:
"Examples:
CN = "Mr. Robin Lachlan McLeod BSc(Hons) CEng MIEE";
CN = "Divisional Coordination Committee";
CN = "High Speed Modem".
Phil
--
Phillip H. Griffin Griffin Consulting
asn1@mindspring.com ASN.1-SET-Java-Security
919.828.7114 1625 Glenwood Avenue
919.832.7008 [mail] Raleigh, North Carolina 27608 USA
------------------------------------------------------------
Visit http://www.fivepointsfestival.com
------------------------------------------------------------
Jim Schaad (Exchange) wrote:
>
> I have a situation where the subject DN for a certificate does not
> contain a good displayable name for the person that the certificate is
> issued for. I would put a displayable name of some type in the
> subjectAltName field, but cannot figure out how this should work. This
> is no such thing as a Universial Name field in the GeneralName
> structure. Is the correct way to go about this to create an x500Address
> with a cn field? or somthing else? I've looked in serveral places and
> cannot figure this out. I would expect due to the uniqueness of a
> Subject DN that this problem may crop up in more that one context. Is
> this something that needs to be addressed in the PKIX documents?
>
> jim schaad