[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re:-ipsec-pki-req-03 - subject/subjectAltName
>>>>> "Rodney" == Rodney Thayer <rodney@ssh.fi> writes:
Rodney> On the subject of limits to the name, I am afraid I
Rodney> instigated this. I thought there were not limits on this in
Rodney> PKIX. My point was that we should put in SOME limit on name
Rodney> length. If PKIX has something, I don't have a reason to use
Rodney> a different number. This allows us to be compatible (or
Rodney> bug-compatible) with PKIX on this point.
Rodney> I don't think X.509 is relevant. It's an ugly old legacy
Rodney> standard. PKIX's slavish devotion to it is quaint but we
Rodney> should move beyond that. Quoting X.509 specs is not relevant
Rodney> here, we're not building TP Class 4 over ISO IP...
Agreed. on X.509. As for name length limits, I agree (with
hesitation). But 64 is a bit tight for a name limit; look in a Sri
Lanka phone book (or Madagascar, worse yet) for examples...
paul
References: