Re: [certid] Domain Components

Peter Sylvester <peter.sylvester@edelweb.fr> Sat, 19 June 2010 14:11 UTC

Message-ID: <4C1CA4B4.7090304@edelweb.fr>
Date: Sat, 19 Jun 2010 13:06:28 +0200
From: Peter Sylvester <peter.sylvester@edelweb.fr>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100423 Thunderbird/3.0.4
MIME-Version: 1.0
To: certid@ietf.org
References: <4C12A27D.3070308@stpeter.im> <p0624086ac8386db66483@[10.20.30.158]> <4C1CA2B8.9080103@isode.com>
In-Reply-To: <4C1CA2B8.9080103@isode.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [certid] Domain Components
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>

>>
> I personally don't care if DCs are allowed or not by this document. 
> But if DCs are to be prohibited in this document, I want to make sure 
> that the document gives the right reason for that.
>
> The order of RDNs in a DN is fixed. So you are saying that there are 
> buggy implementations (and maybe most of them are buggy) which don't 
> read RDNs in the correct order, that is why we need to prohibit use of 
> DCs in subjectName?
>
In addition, RFC 5280 says:

    In addition, implementations of this specification MUST be prepared
    to receive the domainComponent attribute, as defined in [RFC4519].
    The Domain Name System (DNS) provides a hierarchical resource
    labeling system.  This attribute provides a convenient mechanism for
    organizations that wish to use DNs that parallel their DNS names.
    This is not a replacement for the dNSName component of the
    alternative name extensions.  Implementations are not required to
    convert such names into DNS names.  The syntax and associated OID for
    this attribute type are provided in the ASN.1 modules in Appendix A.
    Rules for encoding internationalized domain names for use with the
    domainComponent attribute type are specified in Section 7.3.
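The point about RDN order can be made concrete. The following is an added example, not code from the thread, from RFC 5280 or from any certificate library: it models a subject DN as the ordered sequence of RDNs that the DER encoding carries (root-first, so DC=com precedes DC=example), derives the DNS name spelled out by the domainComponent attributes in the correct direction, and shows the different name an implementation gets when it walks the RDNs the wrong way round. The sample subject, the function names and the `(type, value)` tuple representation are all assumptions made for the example; the RFC 4514 string form is rendered leaf-first, as that RFC specifies, without escaping special characters.

```python
# Added example (not from the thread or RFC 5280): how the order of RDNs in a
# subject DN determines the DNS name that a chain of domainComponent (DC)
# attributes spells out, and what a wrong-direction walk of the RDNs yields.
from typing import List, Tuple

# A DN is an ordered sequence of RDNs. The encoded (DER) order is root-first,
# so the DC of the top-level DNS label comes first. Single-valued RDNs only.
RDN = Tuple[str, str]          # (attribute type, attribute value)
DN = List[RDN]

# Constructed sample subject; not taken from any real certificate.
SAMPLE_SUBJECT: DN = [
    ("DC", "com"),
    ("DC", "example"),
    ("OU", "Servers"),
    ("CN", "mail"),
]


def dns_name_from_dcs(dn: DN) -> str:
    """Join the DC values of a DN, read in encoded (root-first) order, into a
    DNS name with the root label last: DC=com, DC=example -> example.com.
    Returns '' when the DN carries no DC attributes at all."""
    labels = [value for (attr, value) in dn if attr.upper() == "DC"]
    return ".".join(reversed(labels))


def dns_name_from_dcs_misordered(dn: DN) -> str:
    """The bug the thread alludes to: an implementation that treats the first
    RDN as the leaf label and concatenates DCs in encoded order."""
    labels = [value for (attr, value) in dn if attr.upper() == "DC"]
    return ".".join(labels)


def rfc4514_string(dn: DN) -> str:
    """Render the DN in RFC 4514 string form, which lists RDNs starting from
    the last element of the sequence (leaf-first). The sample values need no
    escaping; a general renderer would escape per RFC 4514 section 2.4."""
    return ",".join(f"{attr}={value}" for (attr, value) in reversed(dn))


def dn_matches_reference(dn: DN, reference: str) -> bool:
    """Case-insensitive comparison of the DC-derived name against a reference
    identifier, as a client that *chose* to derive a name from DCs would do.
    RFC 5280 does not require this conversion; the dNSName SAN, not the
    subject DCs, is the intended carrier of a server's DNS name."""
    derived = dns_name_from_dcs(dn)
    return bool(derived) and derived.lower() == reference.lower().rstrip(".")


if __name__ == "__main__":
    print("RFC 4514 form:   ", rfc4514_string(SAMPLE_SUBJECT))
    print("DC-derived name: ", dns_name_from_dcs(SAMPLE_SUBJECT))
    print("misordered walk: ", dns_name_from_dcs_misordered(SAMPLE_SUBJECT))
```

Because the encoded order and the RFC 4514 display order run in opposite directions, code that derives a DNS name from DCs has to be explicit about which order it is reading; the misordered variant above returns `com.example` for a subject that displays as `CN=mail,OU=Servers,DC=example,DC=com`.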