
Another query on draft-ietf-ipsec-pki-req-03.txt



Section 3.2 says
	The subject field in IPsec certificates SHOULD be populated and non-null
	(this is contrary to the PKIX certificate profile, which says that the
	subject MUST NOT be populated if the identification is in the
	subjectAltName field). The exact contents of this field are not
	standardized. By convention, a minimal subject field contains
	countryName and commonName. Distinguished names SHOULD be no more than
	four attribute/value pairs, each of which SHOULD be no more than 128
	characters in length (these restrictions do not appear in the PKIX
	certificate profile). An IKE implementation that conforms to this
	profile SHOULD NOT reject a certificate that does not follow these
	rules.

Why? The rationale for this requirement is not immediately obvious.