Following are two further X.509 certificate extension fields I would
like to propose:
(1) Internet Mail Address
This extension has the ASN.1:
InternetMailAddress ::= PrintableString
This extension is non-critical.
I would propose that this extension be incorporated into a revised RFC
1422, i.e., registered by the IETF (not ISO).
(2) Printable Subject Identifier
This extension has the ASN.1:
PrintableSubjectId ::= PrintableString
This extension is non-critical. Its purpose is to provide a string
suitable for display in user interfaces, e.g., when advising a
signature-verifying user of the identity of the signing party.
I would propose that this extension also be incorporated into a revised
RFC 1422. However, being universally useful, it could also be
incorporated in the ISO standard.
Warwick
Warwick,
A couple of comments:
I certainly agree with the Internet e-mail address extension, after all of the
arguments over the last year of civil naming structure vs. every other possible
alternative. However, we should be sure that the character set and other
"trivial" details will support non-Internet networks, so that we don't
accidentally discriminate against someone's gateway, whether X.400, bitnet,
etc. Particularly in this day and age of NAFTA, we don't want to rule out
c-cedillas and n-tildes (at least until we see which way the elections go!).
If the (a) hack has to be used because of an awkward choice of character set,
then at a minimum a careful caution should be added to the text. But I will
leave such arcane details to the character set specialists.
I have a few more misgivings about the intent of the printableSubjectID. First
of all, if the intent is to allow the user to specify his own name, etc., in a
"human readable, user friendly" fashion, then support for international
character sets is even more important than in the email address case.
But aside from the syntax, I'm not sure that I understand the semantics. I am
worried that the user might say one thing in the fairly precise distinguished
name field, and then say something rather different in the "user friendly"
field. Since the CA is supposed to certify these fields, we are supposed to
believe that they are "true", or at a minimum at least globally unambiguous.
But if these names are not qualified by the use of the CA's name, that may be
very difficult to assure.
Could you take a stab at a semantic definition, and offer several diverse but
concrete examples?
Robert R. Jueneman
Mgr., Secure Systems
Wireless and Secure Systems Laboratory
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Internet: Jueneman(_at_)gte(_dot_)com
Voice: 1-617-466-2820 (rolls over to cellular if no answer -- have patience)
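As an added example (not code from either message, nor from any standard's text), the following Python checks a candidate value for Warwick's two PrintableString extensions against the PrintableString repertoire, which is the character-set issue Bob raises: '@' is not a PrintableString character (hence the "(a)" hack), and neither are accented letters, which IA5String does not rescue either. It then DER-encodes the value as a non-critical extension; the OID is a placeholder, since the proposal assigns none.

```python
"""Check PrintableString representability and DER-encode a non-critical
PrintableString extension. Added example; OID below is a placeholder."""

# PrintableString repertoire (X.680): letters, digits, and this punctuation.
# '@' is absent, which is why mail addresses were written with "(a)", and
# accented letters such as c-cedilla or n-tilde are absent as well.
PRINTABLE_PUNCT = " '()+,-./:=?"

def is_printable_string(s: str) -> bool:
    """True if every character of s is in the PrintableString repertoire."""
    return all(c.isascii() and (c.isalnum() or c in PRINTABLE_PUNCT) for c in s)

def is_ia5_string(s: str) -> bool:
    """IA5String is the full 7-bit ASCII set: '@' is fine, 'n-tilde' is not."""
    return all(ord(c) < 128 for c in s)

def _der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content

def _der_oid(dotted: str) -> bytes:
    """Dotted OID to DER: first two arcs combine, rest are base-128 groups."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _der_tlv(0x06, bytes(out))

def encode_printable_extension(oid: str, value: str) -> bytes:
    """Extension { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
    with extnValue wrapping the value as a PrintableString (tag 0x13)."""
    if not is_printable_string(value):
        raise ValueError(f"not representable as PrintableString: {value!r}")
    inner = _der_tlv(0x13, value.encode("ascii"))
    # DER omits a BOOLEAN equal to its DEFAULT, so non-critical = no field.
    return _der_tlv(0x30, _der_oid(oid) + _der_tlv(0x04, inner))

PLACEHOLDER_OID = "1.2.3.4.5"  # hypothetical arc; the proposal assigns no OID
```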