- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 18 Jul 2000 16:28:32 -0400
- To: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
- Cc: bal@microsoft.com, gregor.karlinger@iaik.at, w3c-ietf-xmldsig@w3.org
At 17:44 7/12/00 +0900, Yoshiaki KAWATSURA wrote: >I propose to revise the example of <X509IssuerName> in order to be the >correct one and add "The value of X509IssuerName (MUST?) conforms to >RFC2253" in XMLDSIG document (,for example). I added SHOULD so as not to preclude an XML representation in the future. 4.4.4 The X509Data Element An X509Data element within KeyInfo contains one or more identifiers of keys/X509 certificates that may be useful for validation. Five types of X509Data pointers are defined: 1. The X509IssuerSerial element, which contains an X.509 issuer distinguished name/serial number pair that SHOULD be compliant with RFC2253 [LDAP-DN], ... And tweaked the example as follows: <X509Data> <!-- two pointers to certificate-A --> <X509IssuerSerial> <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName> <X509SerialNumber>12345678</X509SerialNumber> </X509IssuerSerial> <X509SKI>31d97bd7</X509SKI> </X509Data> <X509Data> <!-- single pointer to certificate-B --> <X509SubjectName>Subject of Certificate B</X509SubjectName> </X509Data> Is there a constraint on X509SubjectName? _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 18 July 2000 16:29:40 UTC