
Re: Can ID be different than SubjectAltName field of the Certificate



> I would suggest extracting the SubjectAltName from the certificate
> and using that to key into your Policy database.

Which one? A certificate may have multiple SubjectAltNames (IP Address, FQDN,
USER_FQDN). The ID payload is useful at least in this case, by specifying the ID Type to
help extract the corresponding SubjectAltName from the certificate.

Otherwise - I agree - the rest of the ID payload is useless in the presence of
the certificate payload.

Slava
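
The selection described in the message above, as an added example that is not part of the original post: the ID Type picks which SubjectAltName kind to look for, and the certificate's value, not the raw ID payload, becomes the policy key. The ID type numbers are those of RFC 2407; the function names and the sample SubjectAltName list are hypothetical and constructed, and certificate parsing and chain validation are assumed to have happened already.

```python
import ipaddress

# IKE identification types (RFC 2407, section 4.6.2.1) mapped to the
# X.509 SubjectAltName GeneralName kind that carries the same sort of name.
ID_TYPE_TO_SAN = {
    1: "iPAddress",    # ID_IPV4_ADDR
    2: "dNSName",      # ID_FQDN
    3: "rfc822Name",   # ID_USER_FQDN
    5: "iPAddress",    # ID_IPV6_ADDR
}

def _normalize(kind, value):
    """Canonical form so equal names compare equal."""
    if kind == "iPAddress":
        return str(ipaddress.ip_address(value))
    if kind == "dNSName":
        return value.rstrip(".").lower()
    # rfc822Name: the domain part is case-insensitive, the local part is not.
    local, _, domain = value.rpartition("@")
    return f"{local}@{domain.lower()}"

def policy_key(id_type, id_data, cert_sans):
    """Return (kind, name) to key the policy lookup, or None to reject.

    cert_sans: list of (kind, value) pairs already parsed from a
    certificate whose chain has been validated (assumed done elsewhere).
    """
    kind = ID_TYPE_TO_SAN.get(id_type)
    if kind is None:
        return None  # ID type with no SubjectAltName counterpart
    try:
        wanted = _normalize(kind, id_data)
        for san_kind, san_value in cert_sans:
            if san_kind == kind and _normalize(kind, san_value) == wanted:
                return (kind, wanted)
    except ValueError:
        return None  # malformed address in the ID payload or certificate
    return None  # certificate does not vouch for the claimed identity

# Constructed sample: one certificate carrying three SubjectAltNames.
SAMPLE_SANS = [
    ("iPAddress", "192.0.2.10"),
    ("dNSName", "gw.example.com"),
    ("rfc822Name", "admin@example.com"),
]
```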





