ietf-smime

More comments on the certs draft

1997-10-31 11:06:25
I have been debating this with myself for a couple of weeks now, and
after talking to some of the other S/MIME developers at the IMC S/MIME
interop event I am going to raise this issue.

It is unclear to me that we should be suggesting/requiring support for
building certificate chains on anything other than the Subject/Issuer
DN chaining.  This means that I am proposing that we will eliminate all
text which is referring to the use of subjectAltName and issuerAltName
for the building of certificate chains.

I think that for the S/MIME V3 spec. we need to look closer at the set
of certificate chaining models which are proposed by the PKIX people.
However at this time I think that the set of models is sufficiently
unclear that we don't want to push any given model.  Given that the DN
chaining is a MUST under the current spec and any other methods do not
provide ensured compatibility I think that we should remove them.

Suggested Changes:

Section 2.3
Receiving agenst [sic] MUST support chaining based on the distinguished
name fields.  Other methods of building certificate chains may be
supported but are not currently recommended.



  • More comments on the certs draft, Jim Schaad (Exchange) <=
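
Added example, not part of the original message or the draft: a sketch of the Subject/Issuer DN chaining discussed above, run over constructed certificate records. The record layout, `norm_dn`, `build_chain` and the simplified name comparison are assumptions made for illustration; the alternative-name field is present in the sample but deliberately never consulted.

```python
# Constructed records: names only. A real path builder must still verify each
# signature, validity period and CA constraint once the names link up.

def norm_dn(dn):
    """Normalize a DN given as (attribute, value) pairs.
    Simplified matching (assumption): ignore case and repeated whitespace."""
    return tuple((a.upper(), " ".join(v.split()).lower()) for a, v in dn)

def build_chain(leaf, pool):
    """Return [leaf, ..., root], linking each issuer DN to a subject DN.
    Raises ValueError on a missing issuer, an ambiguous issuer or a name loop."""
    by_subject = {}
    for cert in pool:
        by_subject.setdefault(norm_dn(cert["subject"]), []).append(cert)
    chain, seen, current = [leaf], {norm_dn(leaf["subject"])}, leaf
    # A certificate whose issuer equals its subject ends the chain.
    while norm_dn(current["issuer"]) != norm_dn(current["subject"]):
        issuer_dn = norm_dn(current["issuer"])
        if issuer_dn in seen:
            raise ValueError("name loop while chaining")
        candidates = by_subject.get(issuer_dn, [])
        if not candidates:
            raise ValueError("no certificate with the issuer's subject DN")
        if len(candidates) > 1:
            # Same subject DN on several certificates: names alone cannot choose.
            raise ValueError("ambiguous issuer DN")
        current = candidates[0]
        seen.add(issuer_dn)
        chain.append(current)
    return chain

# Constructed sample data.
ROOT_DN = [("C", "US"), ("O", "Example CA")]
MAIL_DN = ROOT_DN + [("OU", "Mail")]
ROOT = {"subject": ROOT_DN, "issuer": ROOT_DN}
INTER = {"subject": MAIL_DN, "issuer": ROOT_DN}
LEAF = {
    "subject": [("C", "US"), ("O", "Example Corp"), ("CN", "Alice")],
    # Issuer spelled with different case and spacing than INTER's subject.
    "issuer": [("c", "us"), ("o", "EXAMPLE  CA"), ("ou", "mail")],
    "subjectAltName": "alice@example.com",  # not used for chaining
}

def chain_names(leaf, pool):
    """Last RDN value of each subject along the chain, leaf first."""
    return [c["subject"][-1][1] for c in build_chain(leaf, pool)]

if __name__ == "__main__":
    print(chain_names(LEAF, [ROOT, INTER]))
```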