
Re: A web of directories



Bob,

As I have previously suggested as a solution to your requirement, I think
Steve meant the Authority Information Access (AIA) extension from section
4.2.2.1 of RFC 2459, which may be included in subject or CA certificates.

This proposed sub-type (i.e. id-ad-repository) would be included in
subject's certificates and could be used to associate an Internet style
identity for the location of the repository to retrieve the issuer's
certificate in cases where such a location is not related to the issuer's
name.

Francois Rousseau
AEPOS Technologies


Bob Jueneman wrote:
[clip]
>I confess that I don't recall the AAI extension, at least by that acronym.  
>Can you give me a reference to it?  If it will work, I'm happy.
>
>Bob
>
>
>>>> Stephen Kent <kent@bbn.com> 02/23/99 10:04AM >>>
>Bob,
>
>Aw, come on now, Bob.  DN's are NOT intended to include pointers to
>directory servers.  They are names within the DIT.  Don't try to shoehorn
>other info into a DN just because the GeneralName form allows other forms
>of IDs.  I agree with the suggestion that one could use the AAI extension
>with an appropriate sub-type.  (Actually, a previous version of PKIX Part
>1, which allowed for end-entity info rather than CA info makes more sense
>here, but we seemed to have lost that distinction along the way.)
>
>Steve
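
As an added illustration (not part of the original messages): a minimal standard-library parser for the AuthorityInfoAccessSyntax value carried in the AIA extension, showing how a relying party reads the access method and the repository location from a subject's certificate. The sample bytes and URL are constructed, and the example uses the id-ad-caIssuers method from RFC 2459 because the thread gives no OID for the proposed id-ad-repository sub-type.

```python
# Added example: parse the DER value of an AIA extension (RFC 2459, 4.2.2.1).
ID_AD_CA_ISSUERS = "1.3.6.1.5.5.7.48.2"  # access method defined in RFC 2459
URI_TAG = 0x86  # GeneralName uniformResourceIdentifier, [6] IMPLICIT IA5String

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject lengths that overrun the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes (first arc 0 or 1) into dotted form."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_aia(der):
    """Return [(accessMethod OID, URI or None)] for each AccessDescription."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)
        t_oid, oid, nxt = read_tlv(desc, 0)
        t_loc, loc, _ = read_tlv(desc, nxt)
        if tag != 0x30 or t_oid != 0x06:
            raise ValueError("malformed AccessDescription")
        # Only URI locations are returned; other GeneralName forms map to None.
        out.append((decode_oid(oid), loc.decode("ascii") if t_loc == URI_TAG else None))
    return out

# Constructed sample: one caIssuers entry pointing at a placeholder URL.
SAMPLE_URI = "http://repository.example/issuer.cer"
DESC = bytes.fromhex("06082b06010505073002") + bytes([URI_TAG, len(SAMPLE_URI)]) + SAMPLE_URI.encode()
SAMPLE_AIA = bytes([0x30, len(DESC) + 2, 0x30, len(DESC)]) + DESC
```

A relying party would treat the returned URI as a hint for where to fetch the issuer's certificate and still validate whatever it retrieves through normal path validation.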