ietf-smime

RE: RFC2632bis and subjectAltName

2003-07-31 14:46:49

-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com] 
Sent: Thursday, July 31, 2003 12:37 PM
To: blake(_at_)brutesquadlabs(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: RE: RFC2632bis and subjectAltName

> In practice, if there is not an email address in the certificate, the
> client needs to have additional stuff to bind email addresses to
> certificates.  This could be done in an address book or elsewhere.

I agree.  This is the way I've written all my clients -- it's an
arbitrary binding of any certificate to any email address at the agent
level ("agent" has been both standard email clients and S/MIME-enabled
servers in my case).  An email address present in the certificate is
just a hint to me that I should probably bind it to that email address
-- the actual binding is a matter of configuration.

> What needs to go in the document?

Dunno -- I didn't bring this up ;).  There are other messages in this
thread that might be relevant, specifically from Tony Capel and Alberti
Antoine.

Blake
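
The agent-level binding discussed in this message, sketched as an added example that is not part of the original post or of any client mentioned in it. The `Cert` record, the `AddressBook` class, the result labels, the fingerprints and the addresses are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    fingerprint: str          # constructed placeholder, not a real hash
    rfc822_names: tuple = ()  # addresses from subjectAltName; may be empty

class AddressBook:
    """Configured binding of email address -> certificate fingerprints."""
    def __init__(self):
        self._bindings = {}

    def bind(self, email, cert):
        # Assumption: addresses are compared case-insensitively (a simplification).
        self._bindings.setdefault(email.lower(), set()).add(cert.fingerprint)

    def is_bound(self, email, cert):
        return cert.fingerprint in self._bindings.get(email.lower(), set())

    def suggestions(self, cert):
        # Addresses named in the certificate but not configured yet:
        # shown to the operator as hints, never applied automatically.
        return [a for a in cert.rfc822_names if not self.is_bound(a, cert)]

def check_sender(book, from_addr, cert):
    """Classify a signer certificate against the message's From address."""
    if book.is_bound(from_addr, cert):
        return "bound"        # the configuration says this pair is trusted
    if from_addr.lower() in (a.lower() for a in cert.rfc822_names):
        return "hint-only"    # the cert names the address; nothing configured
    return "unbound"

def demo():
    book = AddressBook()
    no_addr = Cert("FP-CONSTRUCTED-01")  # certificate with no email address
    with_addr = Cert("FP-CONSTRUCTED-02", ("alice@example.com",))
    book.bind("bob@example.com", no_addr)  # binding exists only in the address book
    before = check_sender(book, "alice@example.com", with_addr)
    hints = book.suggestions(with_addr)
    book.bind(hints[0], with_addr)         # operator accepts the hint
    return {
        "cert_without_address": check_sender(book, "bob@example.com", no_addr),
        "before_accepting_hint": before,
        "hints_offered": hints,
        "after_accepting_hint": check_sender(book, "alice@example.com", with_addr),
        "other_sender": check_sender(book, "mallory@example.com", with_addr),
    }

if __name__ == "__main__":
    print(demo())
```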

