pem-dev

Re: CA Names

1994-02-03 07:48:00
Paul,

        You may recall that 1422 specifies that the IPRA-maintained
database to detect DN conflicts calls for a canonical representation
of DNs in that database to avoid the concern you cited.  The specific
canonical form was described in a detailed message that is not part
of the RFC but was exchanged among those of us worrying about how
to build and operate this database.  This form called for removal
of all whitespace and transformation into all lower case.

        I spoke with Mike Roe and he believes that a properly
functioning DSA would refuse to create an entry for an entity with the
same canonical DN as an existing entry, under the matching rules.
This alleviates my concerns about using these rules for matching in
local caches, IF we operate the IPRA database (which could be a
DSA) to catch potential DN conflicts, as specified in 1422.

Steve
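
The canonical form and conflict check described in this message, as an added example (not part of the original message, and not code from the IPRA database or any DSA). It assumes DNs are handled as strings; the names `canonical_dn`, `DNRegistry` and `DNConflict` and the sample DNs are constructed for illustration.

```python
# Added illustration; function and class names are hypothetical.
class DNConflict(Exception):
    """Raised when a DN matches an existing entry in canonical form."""


def canonical_dn(dn: str) -> str:
    # Canonical form as described in the message: remove ALL whitespace
    # (interior as well as leading/trailing), then fold to lower case.
    return "".join(dn.split()).lower()


class DNRegistry:
    """Conflict-detection database keyed on the canonical DN."""

    def __init__(self):
        self._entries = {}  # canonical DN -> (DN as registered, registrant)

    def register(self, dn: str, registrant: str) -> str:
        key = canonical_dn(dn)
        if key in self._entries:
            first_dn, first_registrant = self._entries[key]
            raise DNConflict(
                f"{dn!r} ({registrant}) matches {first_dn!r} ({first_registrant})"
            )
        self._entries[key] = (dn, registrant)
        return key

    def find(self, dn: str):
        # Lookups use the same canonical form, so a local cache and the
        # registry agree on which DNs are "the same".
        return self._entries.get(canonical_dn(dn))


def demo():
    # Constructed sample DNs; not taken from any real registry.
    reg = DNRegistry()
    reg.register("C=US, O=Example Corp, OU=Research", "CA-1")
    results = []
    for dn in ("c=us,o=EXAMPLE CORP,ou=research",   # case/spacing variant
               "C=US, O=ExampleCorp, OU=Research",  # interior space dropped
               "C=US, O=Example Corp, OU=Sales"):   # genuinely different
        try:
            reg.register(dn, "CA-2")
            results.append((dn, "registered"))
        except DNConflict:
            results.append((dn, "conflict"))
    return results


if __name__ == "__main__":
    for dn, outcome in demo():
        print(f"{outcome:10} {dn}")
```

Because interior whitespace is removed as well, DNs that differ only in word spacing are treated as the same name, which is the conservative outcome for a conflict-detection database.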
