
Re: Can ID be different than SubjectAltName field of the Certificate



Tamir Zegman wrote:

> What do we have to gain from having the same content in both ID payload and
> subjectAltName?

Tamir,

If the policy on my server (responder in this case) is keyed by the
other party's ID and I allow an ID payload and cert mismatch as you suggested, then
person A could impersonate his boss by sending the boss's ID and person A's valid cert.
In this case my policy will select the wrong entry in the SPD.

> Rodney Thayer wrote:
>
> > Not if you want to use the ID payload to decide what certificate to use,
> > so no.
> >
> > At 07:13 PM 1/5/99 -0500, you wrote:
> > >Hi All,
> > >
> > >When we use Certificates for authentication, can the ID payload be IP address
> > >and the
> > >subjectAltName field in the certificate be rfc822name?
> > >
> > >Thanks in advance
> > >Sashidhar Annaluru
> > >avs@lucent.com
> > >
> > >
> > >
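The binding check argued for in the reply above, as an added example that is not part of the original thread or of any IKE implementation: a responder whose SPD is keyed by peer ID only performs the lookup when the ID payload equals a subjectAltName entry of the matching kind. The function names, the SPD layout and the sample identities are constructed assumptions; the ID type names are those of the IPsec DOI (RFC 2407).

```python
import ipaddress

# IPsec DOI ID types mapped to the X.509 subjectAltName kinds that can
# carry the same identity (assumed mapping for this illustration).
ID_TO_SAN = {
    "ID_IPV4_ADDR": "iPAddress",
    "ID_FQDN": "dNSName",
    "ID_USER_FQDN": "rfc822Name",
}

def _norm(kind, value):
    if kind == "iPAddress":
        return str(ipaddress.ip_address(value))  # ValueError on bad input
    if kind == "dNSName":
        return value.rstrip(".").lower()         # DNS names are case-insensitive
    return value                                 # rfc822Name: compared exactly

def id_bound_to_cert(id_type, id_value, cert_sans):
    """True only if the ID payload equals a SAN entry of the matching kind."""
    san_kind = ID_TO_SAN.get(id_type)
    if san_kind is None:
        return False
    try:
        want = _norm(san_kind, id_value)
        return any(_norm(k, v) == want for k, v in cert_sans if k == san_kind)
    except ValueError:
        return False

def select_policy(spd, id_type, id_value, cert_sans, enforce_binding=True):
    """Look up the SPD entry keyed by peer ID. cert_sans is assumed to come
    from a certificate whose chain and signature were already validated."""
    if enforce_binding and not id_bound_to_cert(id_type, id_value, cert_sans):
        return None  # the certificate does not vouch for the claimed ID
    return spd.get((id_type, id_value))

# Constructed sample data: two SPD entries and person A's certificate SANs.
SPD = {
    ("ID_USER_FQDN", "boss@example.com"): "full-access",
    ("ID_USER_FQDN", "a@example.com"): "restricted",
}
A_CERT_SANS = [("rfc822Name", "a@example.com")]
```

With `enforce_binding=False` the boss's ID presented with A's certificate selects the boss's entry; with the check on, the same exchange is rejected, as is an IP address ID backed only by an rfc822Name SAN.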





