Re: Distinguished names and X509v3 extension OIDs (fwd)

Warwick Heath <warwick@rcc-irc.si> Wed, 02 April 1997 07:39 UTC

From: Warwick Heath <warwick@rcc-irc.si>
Message-Id: <199704020837.KAA34364@ircaix1.rcc-irc.si>
Subject: Re: Distinguished names and X509v3 extension OIDs (fwd)
In-Reply-To: <199703311453.JAA04641@argon.ncsc.mil> from "David P. Kemp" at "Mar 31, 97 09:53:31 am"
To: dpkemp@missi.ncsc.mil
Date: Wed, 02 Apr 1997 10:37:55 +0200
Cc: ietf-pkix@tandem.com, ssl-users@mincom.oz.au

>
>I read that to mean that in the absence of a specific profile, *any*
>attribute (not just any under 2.5.4) is a legal component of a DN
>according to X.501.
>
>That said, it is good practice for a certificate to contain the
>absolute minimum of information required to accomplish its purpose,
>which is to provide a secure binding between a public key and an
>entity.  If your definition of an "entity" does not include a street
>address as a fundamental, essential element of its identity, then
>the street address should not be included in the DN in a certificate,
>or for that matter, in an extension.

OK, then street names etc. are out. I suppose I was looking at the
certificate containing all the info that I would like to have (seeing
as the directory itself is not available).


>> >One person mailed to me the location of a copy of X500v3 online. 
>> >Another emailed the location of a database of lots of OIDs.
>
>Could you forward me, or better, post the location of the OID database?

Andrew Probert <AndrewP@esd.nec.com.au> provided me with the following URL

http://domen.uninett.no/~hta/ietf/oid/top.html


Thanks to the people who have answered to this thread - the technical
questions are now clearer, now I just have to wrestle with the
social/privacy implications of sensitive data in high assurance 
certificates (i.e. a single cert containing a unique national identifier
versus multiple certs each with application specific identifier).
Any references anyone :-)

Warwick

/****** PGPfingerprint 88 18 A5 E6 9A B2 C2 24  80 1D BD 84 57 CB 73 AB ******/
Warwick Allan Heath, Unix & Comms	RCC IRC d.o.o., Ulica XIV. divizije 14,
Mail: warwick@rcc-irc.si		3000 Celje, SLOVENIJA
Web: http://www.rcc-irc.si/		Tel: +386 63 441 144 x251 Fax: 442 036