[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Qualified Certificates draft - Country name

To: "Bob Jueneman" <BJUENEMAN@xxxxxxxxxx>, <tgindin@xxxxxxxxxx>
Subject: RE: Qualified Certificates draft - Country name
From: Stefan Santesson <stefan@xxxxxxxxxxx>
Date: Sat, 27 Feb 1999 16:51:59 +0100
Cc: <samiklo@xxxxxxxxxxxxxx>, ietf-pkix <ietf-pkix@xxxxxxx>, Stephen Kent <kent@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

All,

I would like to clarify the scope of the draft.

It is NOT the intent of the draft to specify how a meaningful identity
should be composed.

Period.

It is though the intent of the draft to specify a well defined structure
within which any useful identity information could be expressed according
to the issuers and the key holders preferences.

The qualified certificate has two different compartments for subject
identity information.
1) The subject field
2) The PersonalData field (stored in subjextAltName extension as a new
information construct stored under otherNames.)

The main purpose of the subject field is to hold a "technical name"
fulfilling all technical requirements that might be imposed on the
certificate with respect to presence of a unique X.500 type of name. This
name may or may not be suitable as the subjects preferred legal name
(unmistakable identity).

The optional PersonalData field has the main purpose of providing means to
express a legal name in cases where the subject field is not sufficient for
this purpose. The advantage of this approach is to free the subject field
of strange attributes and semantics necessary for expressing the legal name.

So, this debate is about whether the countryName attribute in the subject
field (the technical name)shall be mandatory or optional. Keep in mind that
any country information as part of the legal name can be handled in the
PersonalData field regardless of what is done in the subject field.

This gives the conclusion that what we decide in the subject field (as
mandatory or not), should only be based on technical requirements from
X.500 directory systems and similar, not from requirements on legal name
forming.

Based on this presumption I would appreciate a consensus in this subject.

/Stefan




-------------------------------------------------------------------
Stefan Santesson                <stefan@accurata.se>
Accurata Systemsäkerhet AB     
Lotsgatan 27 D                  Tel. +46-40 152211              
216 42  Malmö                   Fax. +46-40 150790              
Sweden                        Mobile +46-70 5247799

PGP fingerprint: 89BC 6C79 5B3D 591B 8547  1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------

Follow-Ups:
- Comments on Qualified Certificates draft (incl. countryName)
  - From: Juergen Walter

Prev by Date: NIST Reference Implementation available
Next by Date: OCSP Service Locator and RFC2459's Authority Information Access
Previous by thread: RE: Qualified Certificates draft - Country name
Next by thread: Comments on Qualified Certificates draft (incl. countryName)
Index(es):
- Date
- Thread