[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [IETF-PKIX] Subject/Issuer Name Population
Andreas Berger wrote:
> Tim Polk wrote:
> > I have attached proposed text for the issuer and subject name sections.
> >
> > Highlights:
> >
> > (1) issuer name is required (that is, may not be an empty SEQUENCE).
> Do we need this or can we loosen it a little? I am thinking of CAs that
> just have DNS name (which is also hierarchical and unique and thus
> similar to a DN)? Should we say that the name should be globally unique
> and that only on alternative name should be present if the DN is empty?
I support this approach.
> > (2) subject name is required for CA certs. (This means you never chain off
> > altnames!)
> see above.
The same.
(further text deleted)
Regards,
Denis
--
Denis Pinkas Bull S.A. mailto:Denis.Pinkas@bull.net
Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87
78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21