FQDN goes in commonName or domainComponent?



Re: draft-ietf-ipsec-pki-profile-01.txt

On Wednesday, November 13, 2002, at 08:41 AM, Housley, Russ wrote:
>>> In section 4.1.2.2.2, describing conventions for FQDN Host Names, I 
>>> think that the SHOULD and MAY are backwards.  When a FQDN is carried 
>>> in the subject field of a certificate, the domainComponent attribute 
>>> SHOULD be used.  The commonName attribute MAY be used instead.  I 
>>> prefer dNSName in the SubjectAltName extension to both of these!

Your final statement agrees with the draft's SHOULD NOT.

On the other hand, domainComponent isn't nearly as standard
as commonName for containing FQDNs.  In fact, I'd be surprised
if much software could even process that attribute type and
display it to a user.

Question to the list:  How common is support for domainComponent?
Which should be preferred?

-brian
briank@xythos.com