[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Qualified Certificates draft - Country name

To: "Miklos, Sue A." <samiklo@xxxxxxxxxxxxxx>, ietf-pkix@xxxxxxx
Subject: RE: Qualified Certificates draft - Country name
From: Stefan Santesson <stefan@xxxxxxxxxxx>
Date: Mon, 22 Feb 1999 15:49:04 +0100
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Sue,

You have a point. We have had this issue up before (with NATO as example,
brougt up by Al Arsenault) and we said "-Well lets start with countryName
mandatory and see what reactions we get"

I feel rather convinced now that countryName should NOT be mandatory.

We will discuss this issue on the next IETF meeting.

/Stefan

At 09:03 AM 2/22/99 -0500, Miklos, Sue A. wrote: 
RE: SEIS:  RE: Comments to Qualified Certificates draft 

Please forgive what may be an ignorant question, but when I saw the Country
= mandatory, I became confused.   

I am thinking about international organizations (Red Cross, NATO, etc) that
do not wish to include a country in the name, as there is no singular
country 'owning' that name space.  The implementations have left that field
blank and go directly to the Organization = element of the name.   

Is this configuration supported?  If you are only working in the individual
name space, please forgive my potentially misinformed comment.   

Sandi 

---------- 
From:   Stefan Santesson[SMTP:stefan@accurata.se] 
Sent:   Friday, February 19, 1999 10:07 AM 
To:     Anders Rundgren 
Cc:     'SEIS-List'; wpolk@nist.gov; gloeckner@darmstadt.gmd.de 
Subject:        SEIS:  RE: Comments to Qualified Certificates draft 

--- Message on the SEIS mailing list (list@seis.nc-forum.com) 

Sorry, My fault. 

You are right. Country IS mandatory. 
Guess we have to think about that. I still think it makes sence to keep it 
there. 

/Stefan 

At 03:26 PM 2/19/99 +0100, Anders Rundgren wrote: 
>Hi,  
>Verbatim from the draft: 
>
>The subject field SHALL include one of the following choices of sets of 
>mandatory attributes: 
>Choice  I:  countryName commonName 
>Choice II:  countryName givenName surname 
>
>>The CountryName attribute is optional. If you find it redundant, then leave 
>>it out. There are on the other hand many certificates that do use this 
>>attribute so I would not prevent it from being used. 
>
>So SHALL and mandatory is to be interpreted as optional?  Mandatory is 
equivalent to MUST 
>at least outside of the PKIX-world. 
>
>>The purpose of the example certificate is only to show an example of how 
>>the profile may be implemented. It does NOT imply that the present 
>>attributes SHALL be present in any speciffic application. 
>
>I just wanted to express my view that the example was "untypical" . 
>
>For those who are a little bit leaning towards the practical side of 
things it does not 
>hurt with more than one example and maybe even mention what the example
could 
>be used for.  Naturally stating that they are just an examples and should 
not be 
>interpreted as policies, rules, recommendations, or whatever. 
>
>>>On a physical card personal data may be of interest to establish the 
>>connection between the person and 
>>>the card/certificate.  But what is inside the certificate, is a different 
>>story. 
>
>>I guess I lost you here. 
>
>What I said was just that the contents of a QC do not have to match its 
container in the way a SEIS ID-card does. 
>This is indeed very interesting to discuss given all projects in the 
making (SEIS, Germany, Finland, and Estonia). 
>
>>>Just my 2 öres. 
>>(What does this mean???? ;-) ) 
>
>I think it means something like "My opinion for what it is worth" 
>
>Anders Rundgren 
>Senior Internet e-commerce Architect 
>
>
>
------------------------------------------------------------------- 
Stefan Santesson                <stefan@accurata.se> 
Accurata Systemsäkerhet AB      
Lotsgatan 27 D                  Tel. +46-40 152211               
216 42  Malmö                   Fax. +46-40 150790               
Sweden                        Mobile +46-70 5247799 

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0 
------------------------------------------------------------------- 

----------------- SEIS mailing list (list@seis.nc-forum.com) 
Info about this list:
<http://www.nc-forum.com/seis>http://www.nc-forum.com/seis 
SEIS Contact: info@seis.se 




-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB     
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------

Prev by Date: RE: Comments to Qualified Certificates draft
Next by Date: RE: Finding PKIX Servers!
Previous by thread: cRLIssuer names and management domain correlation
Next by thread: RE: Qualified Certificates draft - Country name
Index(es):
- Date
- Thread