Paul,
My point was exactly that the DER do not include any rules for
modifying the values of attributes, and the canonicalization you are
describing does involve such modification. Hence the question is
whether there can legitimately exist two distinct DNs that differ in
terms of, for example, capitalization, and which thus are equivalent
in terms of the directory search rules, but which represent different
entries. If so, then it would be an error to use the search rules to
automatically select a certificate from a cache with an issuer DN that
is not exactly identical to the issuer DN in a received message, but
which does match under the search rules. In general, it would seem
dangerous to declare two DNs equivalent when they match under
search rules but really are not identical.
Steve
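An added illustration of the point above (my own example, not code from anyone in this thread): two issuer DNs that encode to different DER bytes yet collapse to one key under a caseIgnoreMatch-style comparison, and what that does to a certificate cache keyed each way. The minimal DER encoder, the normalization and the sample DNs are all constructed here for the demonstration.

```python
import re

OID_CN = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)
OID_O = bytes.fromhex("55040a")   # id-at-organizationName (2.5.4.10)


def der_tlv(tag: int, payload: bytes) -> bytes:
    """DER tag-length-value with definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def encode_name(rdns):
    """Encode a Name: SEQUENCE OF (SET OF SEQUENCE { OID, PrintableString })."""
    body = b""
    for oid, value in rdns:
        atv = der_tlv(0x30, der_tlv(0x06, oid) + der_tlv(0x13, value.encode("ascii")))
        body += der_tlv(0x31, atv)  # single-attribute RDN
    return der_tlv(0x30, body)


def case_ignore_key(rdns):
    """Search-rule style key: case folded, surrounding/repeated spaces collapsed."""
    return tuple((oid, re.sub(r"\s+", " ", v.strip()).lower()) for oid, v in rdns)


def build_cache(key_fn, entries):
    """Index (issuer DN, certificate) pairs under key_fn(issuer); later entries overwrite."""
    cache = {}
    for issuer, cert in entries:
        cache[key_fn(issuer)] = cert
    return cache


# Constructed sample: the two DNs differ only in case and spacing.
DN_A = [(OID_O, "Example Corp"), (OID_CN, "Example CA")]
DN_B = [(OID_O, "EXAMPLE  CORP"), (OID_CN, "example ca")]
ENTRIES = [(DN_A, "cert-A"), (DN_B, "cert-B")]

if __name__ == "__main__":
    exact = build_cache(encode_name, ENTRIES)      # keyed on exact DER bytes
    loose = build_cache(case_ignore_key, ENTRIES)  # keyed on search-rule equivalence
    print(len(exact), "entries keyed by DER;", len(loose), "entry keyed by search rules")
    print("lookup of DN_A under search rules returns:", loose[case_ignore_key(DN_A)])
```

Keyed on exact DER the cache keeps both certificates; keyed on search-rule equivalence the second entry silently replaces the first, so a lookup for DN_A returns cert-B.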