ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Mail addresses in S/MIME certs

1999-12-21 08:02:50
from [Paul Hoffman / IMC] [Permanent Link]
At the DC IETF meeting, Bob Jueneman brought up the issue of different certs for the same address. For instance, two people might use one email address and thus want different certificates. The current S/MIME and PKIX specs allow the email address, not the informational kruft around it, in the subjectAltName for a cert.
Do we want to change this? The arguments we heard against this in the PKIX group included: 
- A CA might check the validity of the email address but not the name
- The many formats for the additional information are incredibly confusing and likely to promote lack of interoperability 
The arguments in favor of using full addresses include:
- Ability for multiple people with access to the mailbox to have unique certificates 
- Increased identification for systems that do more than just check the mailbox

Comments?

--Paul Hoffman, Director
--Internet Mail Consortium
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Final 11 November 1999 S/MIME WG Minutes, Pawling, John
Next by Date:  Re: Mail addresses in S/MIME certs, Frank W. Nolden
Previous by Thread:  Final 11 November 1999 S/MIME WG Minutes, Pawling, John
Next by Thread:  Re: Mail addresses in S/MIME certs, Frank W. Nolden
Indexes:  [Date] [Thread] [Top] [All Lists]