[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re:-ipsec-pki-req-03 - subject/subjectAltName

To: rodney@ssh.fi
Subject: Re: Re:-ipsec-pki-req-03 - subject/subjectAltName
From: Paul Koning <pkoning@xedia.com>
Date: Wed, 27 Oct 1999 16:15:31 -0400
Cc: ipsec@lists.tislabs.com
References: <3.0.6.32.19991027121623.00acf780@127.0.0.1>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Rodney" == Rodney Thayer <rodney@ssh.fi> writes:

 Rodney> On the subject of limits to the name, I am afraid I
 Rodney> instigated this.  I thought there were not limits on this in
 Rodney> PKIX.  My point was that we should put in SOME limit on name
 Rodney> length.  If PKIX has something, I don't have a reason to use
 Rodney> a different number.  This allows us to be compatible (or
 Rodney> bug-compatible) with PKIX on this point.

 Rodney> I don't think X.509 is relevant.  It's an ugly old legacy
 Rodney> standard.  PKIX's slavish devotion to it is quaint but we
 Rodney> should move beyond that.  Quoting X.509 specs is not relevant
 Rodney> here, we're not building TP Class 4 over ISO IP...

Agreed. on X.509.  As for name length limits, I agree (with
hesitation).  But 64 is a bit tight for a name limit; look in a Sri
Lanka phone book (or Madagascar, worse yet) for examples...

	paul

References:

Re:-ipsec-pki-req-03 - subject/subjectAltName

From: Rodney Thayer <rodney@ssh.fi>

Prev by Date: Initial Contact
Next by Date: Re: Comments on CRACK
Prev by thread: Re:-ipsec-pki-req-03 - subject/subjectAltName
Next by thread: Re:-ipsec-pki-req-03 - certificate validity
Index(es):
- Main
- Thread