- From: Brian LaMacchia <bal@microsoft.com>
- Date: Tue, 11 Jul 2000 08:18:15 -0700
- To: "'gregor.karlinger@iaik.at'" <gregor.karlinger@iaik.at>, Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
- Cc: w3c-ietf-xmldsig@w3.org, "Joseph M. Reagle Jr." <reagle@w3.org>
> -----Original Message----- > From: Gregor Karlinger [mailto:gregor.karlinger@iaik.at] > Sent: Monday, June 26, 2000 2:51 AM > To: Yoshiaki KAWATSURA; w3c-ietf-xmldsig@w3.org; Joseph M. Reagle Jr.; > Brian LaMacchia > Subject: RE: Questions/Comments for the current draft. > > > Hi Yoshiaki! > > > (2-1) For X509Data > > I think the X509IssuerName in the example of X509Data should be > > described actual value such that distinguished name, for example > > <X509IssuerName>CN =XXX Cert, C= US, O = XXX Trust > Inc.</X509IssuerName>. > > # Is there any general guideline which describes about text > representation > > # of distinguished name? I found > <draft-ietf-pkix-generalname-00.txt> > > # which specifies text representations for distinguished names > > # but this document has already expired. > > A previous version of the XML-Signature draft mentioned RFC > 2253 as the way > to represent a Name as a text string, I think this is still > intended by > the authors > > (Joseph, Brian: Am I right here?) (I've been out of the office much for the past couple weeks & am working through a backlog of mail...) Yup, you're correct. To the best of my knowledge RFC 2253 is the only standard way to string-encode a DN, so that's what we should use for X509IssuerName. It's not what I'd consider optimal for an XML environment, but I'd rather use what exists already than define something new. (Since the DN is itself a structured object, seems to me the right thing would be a direct mapping to a structured XML element...) --bal
Received on Tuesday, 11 July 2000 11:21:06 UTC