[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] Question about SubjectAltNames

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] Question about SubjectAltNames
From: Bob Jueneman <BJUENEMAN@xxxxxxxxxx>
Date: Wed, 3 Dec 1997 11:10:24 -0700
Comments: To: sharon.boeyen@ENTRUST.COM
Reply-to: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

Sharon,

>>>> Sharon Boeyen <sharon.boeyen@ENTRUST.COM> 12/03 6:01 AM >>>
>Bob
>
>Shades of NADF all over again - isn't it!

Deja vu..  You can pay me now, or you can pay me later, but these problems
are going to have to be solved.

>
>At the Washington PKIX meeting, one of the topics which will be
>discussed is whether or not the PKIX WG should define the minimum
>requirements of a schema for support in the directory environment. If
>that work does progress, I personally do not expect it to be a full
>directory schema definition (primarily because in many environments the
>PKI schema components need to fit into a larger schema which addresses
>multiple applications), however I believe there is utility in defining
>the minimum requirements for PKI purposes. I haven't given a lot of
>thought yet to what requirements of names there might be but  we'd be
>defining this schema with directory deployment so that probably would
>dictate a general direction for that piece of work.
>>
>Several people have indicated over the past 6 months or so that they
>think
>some schema work for PKIX would be useful and help move us forward in
>the area of interoperability, so I personally suspect this work item
>will progress (of course there's always the question of whether it
>belongs in the PKIX WG or elsewhere in the IETF). My opinion is that it
>should be tackled in the PKIX WG because that's where the understanding
>of the requirements is.

I'm not going to be able to make the December meeting, but I would certainly
put in my vote to make this a work item -- I think it will be necessary for
interoperability.

Of course the best of all worlds would be dynamic attribute definitions
distributed via the directory, but what good would that do without a
definition of the semantics?

Bob

Robert R. Jueneman
Security Architect
Novell, Inc.
Network Services Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com

"If you are trying to get to the moon, climbing a tree,
although a step in the right direction, will not prove
to be very helpful."

"The most dangerous strategy is to cross the chasm in two leaps."

Prev by Date: Re: [IETF-PKIX] OCSP using SSL/https
Next by Date: Re: [IETF-PKIX] digitalSignature vs. nonRepudiation
Previous by thread: Re: [IETF-PKIX] Question about SubjectAltNames
Next by thread: [IETF-PKIX] OCSP v CRLs over HTTP
Index(es):
- Date
- Thread