Re: CA Names


I believe that PEM  implementations do have to understand the matching rules,
for the following reason:

Suppose my certificate has:
Issuer c=GB;o=Cambridge University
Subject: c=GB;o=Cambridge University;ou=Computer Lab;cn=Michael Roe

and my CA's certificate has:
Issuer: c=GB;o=JNT Policy CA
Subject: c=GB;o=CAMBRIDGE UNIVERSITY

I can use these two certificates to form a valid certification path up
to the policy CA because the matching rules say that o (organisation)
is caseIgnoreString and hence "Cambridge University"="CAMBRIDGE UNIVERSITY".

However, the certification path checking routine much understand the
matching rules for the naming attributes in order to realise that this
is a valid path,.

Mike

<Prev in Thread]	Current Thread	[Next in Thread>
Re: CA Names, (continued) Re: CA Names, Paul C. Clark Re: CA Names, Steve Kent Re: CA Names, Paul C. Clark Re: CA Names, Stephen D Crocker Re: CA Names, Steve Kent Re:CA Names, jueneman%wotan Re: CA Names, Stephen D Crocker Re: CA Names, Amanda Walker Re: Re: CA Names, jueneman%wotan Re: CA Names, Stephen D Crocker Re: CA Names, Mike Roe <= Re: CA Names, Jeff Kimmelman Re: CA Names, jueneman%wotan Re: CA Names, John Lowry Re: Re: CA Names, jueneman%wotan Re: CA Names, jueneman%wotan Re: CA Names, warwick (w.s.) ford Re: Re: CA Names, jueneman%wotan Re: Re: CA Names, warwick (w.s.) ford

Previous by Date:	Syntax vs. semantics, TCJones
Next by Date:	Re: CA Names (text format of names, really), Christian Huitema
Previous by Thread:	Re: CA Names, Stephen D Crocker
Next by Thread:	Re: CA Names, Jeff Kimmelman
Indexes:	[Date] [Thread] [Top] [All Lists]