ietf-smime

Re: The address-in-certs issue

1998-01-06 17:00:10
Nice to see you back from vacation, John.

At 02:33 PM 1/6/98 -0800, John Gardiner Myers wrote:
> In the message to which I was replying, Paul Hoffman was disagreeing
> with this very point.  He was espousing a position that it was OK for
> the S/MIME specification to allow a conforming CA to issue certs
> containing only DN's, yet allow UA's to only recognize RFC822 addresses.

I never said that. What I said was, unless we specify that this part of the
cert spec relates specifically to Internet mail, requiring RFC 822
addresses with no semantics is no more useful than requiring any old string
with no semantics.

John, your argument has changed over the thread, and where you are now is
much clearer than when you started off. At the risk of pissing you off even
further, let me try to summarize what I believe you are now saying:
- We should define the cert contents for certs passed in S/MIME messages
over Internet mail
- In these certs, the identifier must be an RFC 822 name, and cannot be a
DN (subject name null, subjectAltName must have at least an RFC 822
identifier in it)
- That identifier has some semantics. Someone creating a cert must follow
certain rules about the parts of the RFC 822 name. Someone receiving the
cert can be sure of certain things about the RFC 822 name and use that
information to make further inferences about the signer.

I'd like to request that you (John) write these out as specific wording
changes for the certs draft so that we can talk about a specific, static
proposal. I'd especially like the wording on the semantics of the RFC 822
addresses, since this was a point of concern from other people on the list
and one that was not clear in your early posts.

In general, I would prefer the S/MIME spec to have as little mail-specific
text in it as possible, but am happy if we go the other way as long as we
do it carefully. 

--Paul Hoffman, Director
--Internet Mail Consortium
