Re: Can ID be different than SubjectAltName field of theCertificate

[Tamir Zegman <zegman@checkpoint.com>]

In aggressive mode, the initiator ID is sent before the responder has a chance
to send his certificate request. Therefore, if we adhere to this restriction, an
aggressive mode initiator will
have to choose the certificate before receiving the certificate request from the
responder. This restricts aggressive mode
with certificates to scenarios in which the responder know in advance the CA the
responder trusts.
While aggressive mode has other restrictions, do want want to impose more?
What do we have to gain from having the same content in both ID payload and
subjectAltName?

Tamir and Moshe.

Rodney Thayer wrote:

> Not if you want to use the ID payload to decide what certificate to use,
> so no.
>
> At 07:13 PM 1/5/99 -0500, you wrote:
> >Hi All,
> >
> >When we use Certificates for authentication, can the ID payload be IP address
> >and the
> >subjectAltName field in the certificate be rfc822name?
> >
> >Thanks in advance
> >Sashidhar Annaluru
> >avs@lucent.com
> >
> >
> >

---

Follow-Ups:

• Re: Can ID be different than SubjectAltName field of theCertificate
• From: Bronislav Kavsan <bkavsan@ire-ma.com>

References:

• Re: Can ID be different than SubjectAltName field of the Certificate
• From: Rodney Thayer <rodney@internetdevices.com>

---

• Prev by Date: Re: Test Vectors
• Next by Date: Re: Can ID be different than SubjectAltName field of theCertificate
• Prev by thread: Re: Can ID be different than SubjectAltName field of the Certificate
• Next by thread: Re: Can ID be different than SubjectAltName field of theCertificate
• Index(es):
  • Main
  • Thread