Re: Distinguished names and X509v3 extension OIDs (fwd)
Warwick Heath <warwick@rcc-irc.si> Wed, 02 April 1997 07:39 UTC
Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id XAA23170; Tue, 1 Apr 1997 23:39:20 -0800
Received: from ircgate1.rcc-irc.si by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id XAA23167; Tue, 1 Apr 1997 23:39:15 -0800
Received: (from smap@localhost) by ircgate1.rcc-irc.si (8.8.4/8.8.4) id JAA20278 Wed, 2 Apr 1997 09:40:16 +0200
Received: from ircaix1.rcc-irc.si(193.77.55.11) by ircgate1.rcc-irc.si via smap (V2.0beta) id xma020274; Wed, 2 Apr 97 09:39:49 +0200
Received: (from warwick@localhost) by ircaix1.rcc-irc.si (8.8.5/8.6.12) id KAA34364 Wed, 2 Apr 1997 10:37:55 +0200
From: Warwick Heath <warwick@rcc-irc.si>
Message-Id: <199704020837.KAA34364@ircaix1.rcc-irc.si>
Subject: Re: Distinguished names and X509v3 extension OIDs (fwd)
In-Reply-To: <199703311453.JAA04641@argon.ncsc.mil> from "David P. Kemp" at "Mar 31, 97 09:53:31 am"
To: dpkemp@missi.ncsc.mil
Date: Wed, 02 Apr 1997 10:37:55 +0200
Cc: ietf-pkix@tandem.com, ssl-users@mincom.oz.au
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

>
>I read that to mean that in the absence of a specific profile, *any*
>attribute (not just any under 2.5.4) is a legal component of a DN
>according to X.501.
>
>That said, it is good practice for a certificate to contain the
>absolute minimum of information required to accomplish its purpose,
>which is to provide a secure binding between a public key and an
>entity. If your definition of an "entity" does not include a street
>address as a fundamental, essential element of its identity, then
>the street address should not be included in the DN in a certificate,
>or for that matter, in an extension.

OK, then street names etc. are out. I suppose I was looking at the
certificate containing all the info that I would like to have (seeing
as the directory itself is not available).

>> >One person mailed to me the location of a copy of X500v3 online.
>> >Another emailed the location of a database of lots of OIDs.
>
>Could you forward me, or better, post the location of the OID database?

Andrew Probert <AndrewP@esd.nec.com.au> provided me with the following URL

http://domen.uninett.no/~hta/ietf/oid/top.html

Thanks to the people who have answered to this thread - the technical
questions are now clearer, now I just have to wrestle with the
social/privacy implications of sensitive data in high assurance
certificates (i.e. a single cert containing a unique national identifier
versus multiple certs each with application specific identifier).

Any references anyone :-)

Warwick

/****** PGPfingerprint 88 18 A5 E6 9A B2 C2 24 80 1D BD 84 57 CB 73 AB ******/
Warwick Allan Heath, Unix & Comms    RCC IRC d.o.o., Ulica XIV. divizije 14,
Mail: warwick@rcc-irc.si             3000 Celje, SLOVENIJA
Web: http://www.rcc-irc.si/          Tel: +386 63 441 144 x251 Fax: 442 036