IETF Logo Mail Archive

Re: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute

"David P. Kemp" <dpkemp@missi.ncsc.mil> Thu, 22 July 2004 13:45 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA20115 for <pkix-archive@lists.ietf.org>; Thu, 22 Jul 2004 09:45:32 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6MCp8Uu010332; Thu, 22 Jul 2004 05:51:08 -0700 (PDT) (envelope-from owner-ietf-pkix@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i6MCp8OE010331; Thu, 22 Jul 2004 05:51:08 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-pkix@mail.imc.org using -f
Received: from stingray.missi.ncsc.mil (stingray.missi.ncsc.mil [144.51.50.20]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i6MCp74q010322 for <ietf-pkix@imc.org>; Thu, 22 Jul 2004 05:51:08 -0700 (PDT) (envelope-from DPKemp@missi.ncsc.mil)
Message-ID: <200407221245.i6MCjbAJ008226@stingray.missi.ncsc.mil>
Date: Thu, 22 Jul 2004 08:50:56 -0400
From: "David P. Kemp" <dpkemp@missi.ncsc.mil>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Fisher, James L." <jlf@mitretek.org>
CC: ietf-pkix@imc.org
Subject: Re: PI: 10: draft-ietf-pkix-pi-10.txt - single serialNumber attribute
References: <D6F85F437959E24C99E2EE757453E82BED647F@email1.mitretek.org>
In-Reply-To: <D6F85F437959E24C99E2EE757453E82BED647F@email1.mitretek.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 22 Jul 2004 12:51:03.0252 (UTC) FILETIME=[8BD94940:01C46FEA]
Sender: owner-ietf-pkix@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 7bit

James,

A "Relative Distinguished Name" (RDN) references one element
or object in a tree, like a single "folder" in a Windows
file pathname.  But unlike a folder name, an RDN may contain
more than one attribute as long as they all have different
types. [ cn="John Smith" sn=12345 ] is a single RDN with two
names, whereas [ cn="John Smith", sn=12345 ] (note the comma)
is two RDNs each with a single name.

A Distinguished Name (DN) is a full path through the tree.
There may be multiple DC= or OU= attributes at different
levels in the tree, but only one at a given level.

Dave


Fisher, James L. wrote:
>>Russ's "problem" DN does not need to be solved.  As David notes, an
> 
> attribute type is not allowed to appear more than once in an RDN.
> 
> But we frequently see DNs containing multiple "dc=" and "ou="
> attributes.  Are those certs in violation of RFC3280 since Section
> 4.1.2.6 references to X.501 names?
> 
>

v2.23.0 | Report a Bug | By Email