[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions

To: IETF-PKIX@xxxxxxxxxxxxxxxx
Subject: Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions
From: Peter Lipp <plipp@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Mar 1998 17:46:28 +0100
Approved-by: Peter Lipp <plipp@IAIK.TU-GRAZ.AC.AT>
Reply-to: Peter Lipp <Peter.Lipp@xxxxxxxxxxxxxxxxxx>
Sender: "IETF X.509-based public key infrastructure mailing list" <IETF-PKIX@xxxxxxxxxxxxxxxx>

>And I think pretending that a bare email address is verified
>and belongs to the named user is quite an opportunity for confusion.

Agreed. Obviously it might be the case that the comment field can be verified
and the email-adress not.

What I'd like to see is that the full SubjectAltName is verified, i.e. if
it contains a comment that this also is verified - or it's non-verified, then
both parts are not verified. The CPS specifies which way a CA does it.
Mixed-mode seems to be a good source of confusion, and while of course
specifyable in the CPS, I'd rather avoid it.

Peter

Prev by Date: Re: [IETF-PKIX] Comments on Malpani and PKIX OCSP drafts
Next by Date: Re: [IETF-PKIX] RFC 822 names in SubjectAltName and
Previous by thread: Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions
Next by thread: Re: [IETF-PKIX] RFC 822 names in SubjectAltName and other extensions
Index(es):
- Date
- Thread