Re: Showing Nationality in Cert
- To: "Vickers, Randal R" <vickersr@xxxxxxxxxxxx>, "PKIX Mailing List (E-mail)" <ietf-pkix@xxxxxxx>
- Subject: Re: Showing Nationality in Cert
- From: Stefan Santesson <stefan@xxxxxxxxxxx>
- Date: Tue, 20 Jul 1999 22:14:17 +0200
- Cc: "Flanigan, Bill" <flanigab@xxxxxxxxxxxx>, "Friedrichs, Paul" <FriedriP@xxxxxxxxxxxx>, "Nelson, Lee" <nelson2l@xxxxxxxxxxxx>, "Sam Schaen (E-mail)" <schaen@xxxxxxxxx>, "Jamil Nimeh (E-mail)" <nimeh@xxxxxxxxxxxxxxxxxxx>
- In-reply-to: <>
This depends on what you want to do.
If you just want to add citizenship as additional information to the
subject DN then I agree with Russ and Bill that you use
SubjectDirectoryAttribute.
If you, however, wish to store a complete identity record, describing an
identity of a person, the Qualified Certificate draft has created a name
field placed in subjectAltName extension under OtherNames.
This field is named the PersonalData field and has defined attributes for
CountryOfCitizenship.
The complete list of defined attributes for this field is:
countryName;
givenName;
surname;
pseudonym;
dNQualifier;
dateOfBirth;
placeOfBirth;
gender;
postalAddress;
countryOfCitizenship; and
countryOfResidence.
You can use any subset of these attributes. But in order to use this field,
the present attributes from this list must form a unique identity (in order
to satisfy overall requirements for the SubjAltName extension).
You can find the latest preliminary QC draft at:
http://www.accurata.se/QC/documents/draft-ietf-pkix-qc-01prel_07.txt
A new draft will be submitted officially within 2 weeks.
After this the draft will go to last call (according to plan).
/Stefan
At 10:40 AM 7/17/99 -0400, Vickers, Randal R wrote:
>I work with the US DoD PKI engineers at the Defense Information Systems
>Agency. Requirements from the Assistant Secretary of Defense for C3I state
>that we must show citizenship or nationality (semantics) in the cert. My
>question is what extension does anyone recommend placing it in? We have
>looked at subjectDirectoryattribute and one of the extensions below
>subjectAlternatename. We are not locked into any one thing as long as it is
>standards based.
> Thanks
> Randal Vickers
-------------------------------------------------------------------
Stefan Santesson <stefan@accurata.se>
Accurata AB http://www.accurata.se
Slagthuset Tel. +46-40 108588
211 20 Malmö Fax. +46-40 150790
Sweden Mobile +46-70 5247799
PGP fingerprint: 89BC 6C79 5B3D 591B 8547 1512 7D11 DBF4 528F 29A0
-------------------------------------------------------------------
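
An added illustration of the first option in the message (citizenship as an attribute in subjectDirectoryAttributes), not part of the original post: stdlib-only Python that DER-encodes the extension value and reads it back as a relying party would. The OIDs 2.5.29.9 and 1.3.6.1.5.5.7.9.4 and the two-letter PrintableString value are assumptions taken from RFC 5280 and RFC 3039, not from the message or the draft it links; all function names are hypothetical.

```python
# Added example; OIDs are assumptions from RFC 5280 / RFC 3039, not from the message.
SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9"      # extnID this value belongs under
COUNTRY_OF_CITIZENSHIP = "1.3.6.1.5.5.7.9.4"   # id-pda-countryOfCitizenship

def tlv(tag, body):  # DER tag-length-value with a definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted):  # dotted string -> DER OBJECT IDENTIFIER
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, low group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def citizenship_extension_value(countries):
    """SEQUENCE OF Attribute holding one Attribute { OID, SET OF PrintableString }."""
    for c in countries:
        if not (len(c) == 2 and c.isascii() and c.isalpha() and c.isupper()):
            raise ValueError(f"not a two-letter ISO 3166 code: {c!r}")
    # DER requires SET OF members sorted by their encodings.
    values = sorted(tlv(0x13, c.encode("ascii")) for c in set(countries))
    attribute = tlv(0x30, oid(COUNTRY_OF_CITIZENSHIP) + tlv(0x31, b"".join(values)))
    return tlv(0x30, attribute)

def read_tlv(buf, pos=0):  # -> (tag, body, next_pos) for the TLV starting at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def citizenships(ext_value):  # relying-party side: codes found in the extension value
    found, pos = [], 0
    attrs = read_tlv(ext_value)[1]
    while pos < len(attrs):
        _, attr, pos = read_tlv(attrs, pos)
        _, type_body, p = read_tlv(attr)
        if tlv(0x06, type_body) == oid(COUNTRY_OF_CITIZENSHIP):
            values, q = read_tlv(attr, p)[1], 0
            while q < len(values):
                _, v, q = read_tlv(values, q)
                found.append(v.decode("ascii"))
    return found
```

The returned bytes are the content of the extension's extnValue OCTET STRING; wrapping them into a certificate is left to whatever issuing software is in use.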