[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Q] AuthorityKeyIdentifier Question

To: ietf-pkix@xxxxxxx
Subject: [Q] AuthorityKeyIdentifier Question
From: dmitry@xxxxxxxxxxxxxx (Dmitry Dolinsky)
Date: Fri, 12 Feb 1999 11:51:37 -0800
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Hi all,

I have a question about matching authorityCertIssuer in
AuthorityKeyIdentifier extension with authority certificate.

I understand authorityCertIssuer has to match issuer (and/or?)
issuerAltName of the issuer certificate. Since authorityCertIssuer is
GeneralNames and issuer is a Name (distinguished name), in what manner one
should be matched against the other?

Alternatively, if authorityCertIssuer is supposed to be matched only with
issuerAltName, which is GeneralNames, doesn't it mean that presence of
authorityCertIssuer in the subject's certificate requires the presence of
issuerAltName in the issuer's certificate and the presence of
subjectAltName in the issuer issuer's certificate.

The clarification will be really appreciated.

--Dmitry

Prev by Date: RE: Usage of CRL Issuing Distribution Point
Next by Date: RE: Usage of CRL Issuing Distribution Point
Previous by thread: Comments to Qualified Certificates draft
Next by thread: A white paper on directory based messaging and transaction systems FYI
Index(es):
- Date
- Thread