I am in complete agreement with Al. I looked at this issue back when the
drafts were first getting started and I was just scared by the concept of
allowing more that I could reasonably verify into the RFC822 address field.
I had a chance as a mail program of looking at the RFC822 name, but not all
of the "comments" that go along with it. While I agree that there may be
some issues for display of RFC822 names vs the comment fields that are in
messages, I think this is true no matter what is done and is more of a
presentation/application issue than a standard issue. This is one of the
things that different applications will do well or not do well, but should
not really be part of the standard. We have the ability to look at and
think about the RFC822 name (or what ever type of name is being used as the
delivery address i.e. an X500 name in the Microsoft Exchange Server world),
but have no way of doing any type of reasonable verification on the comment
sections. Lets just leave things the way they are.
jim
-----Original Message-----
From: Al Arsenault [mailto:awa1(_at_)home(_dot_)com]
Sent: Tuesday, December 21, 1999 6:50 PM
To: Paul Hoffman / IMC
Cc: ietf-smime(_at_)imc(_dot_)org
Subject: Re: Mail addresses in S/MIME certs
Paul Hoffman / IMC wrote:
At the DC IETF meeting, Bob Jueneman brought up the issue
of different
certs for the same address. For instance, two people might
use one email
address and thus want different certificates. The current
S/MIME and PKIX
specs allow the email address, not the informational kruft
around it, in
the subjectAltName for a cert.
Do we want to change this? The arguments we heard against
this in the PKIX
group included:
- A CA might check the validity of the email address but
not the name
- The many formats for the additional information are
incredibly confusing
and likely to promote lack of interoperability
The arguments in favor of using full addresses include:
- Ability for multiple people with access to the mailbox to
have unique
certificates
- Increased identification for systems that do more than
just check the mailbox
Comments?
--Paul Hoffman, Director
--Internet Mail Consortium
Count me in the
"The many formats for the additional information are incredibly
confusing and likely to promote lack of interoperability"
camp. This, combined with the fact that that cruft is almost
infinitely
changeable today, and almost never checked by anybody, seems
to me to be
a sure guarantee of interoperability problems.
I don't have any philosophical objections to allowing this,
though, and
if the S/MIME vendors are convinced that they can get it
right and make
it all interoperate, I'm willing to be outvoted. But it just
strikes me
as begging for a failure to communicate.
Al Arsenault