names in certificates for IPSec...?

[Rodney Thayer <rodney@tillerman.nu>]

Anyone have ideas on how large a name for an IPSec certificate should be?  How many parts (surname, organization, organizational unit, country, etc.) should it have?  How big should each entry be allowed to be?

I am interested in what IPSec users and implementors want, _not_ what certificate engine vendors are selling.  For example, the fact some CA's jam copyright notices, nutritional information, and galactic polar coordinates into these things is not relevant.

I was thinking of this:

max 16 entries
max 256 characters each entry

Also, does this work for non-US names?  I am not sure how non-US names should be stored in this, and I was present when someone from Japan pointed out we kind of got this wrong in the Open PGP work at the IETF meeting.

---

Follow-Ups:

• Re: names in certificates for IPSec...?
• From: Dan McDonald <danmcd@Eng.Sun.Com>
• Re: names in certificates for IPSec...?
• From: Alex Deacon <alex@verisign.com>

---

• Prev by Date: updated draft-ietf-ipsec-ciph-cbc-03.txt
• Next by Date: Re: names in certificates for IPSec...?
• Prev by thread: updated draft-ietf-ipsec-ciph-cbc-03.txt
• Next by thread: Re: names in certificates for IPSec...?
• Index(es):
  • Main
  • Thread