- From: <tgindin@us.ibm.com>
- Date: Tue, 18 Jul 2000 17:21:30 -0400
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- cc: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>, bal@microsoft.com, gregor.karlinger@iaik.at, w3c-ietf-xmldsig@w3.org
I don't know if there is a constraint, but doesn't it have the same
syntax as X509IssuerName? Thus I would use the current example's issuer
name as the example subject name, while making the issuer name "O=IBM,
C=JP" - perhaps with "CN=Certificate Authority," prefixed.
Tom Gindin
"Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 07/18/2000 04:28:32 PM
Sent by: w3c-ietf-xmldsig-request@w3.org
To: Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
cc: bal@microsoft.com, gregor.karlinger@iaik.at, w3c-ietf-xmldsig@w3.org
Subject: RE: Questions/Comments for the current draft.
At 17:44 7/12/00 +0900, Yoshiaki KAWATSURA wrote:
>I propose to revise the example of <X509IssuerName> in order to be the
>correct one and add "The value of X509IssuerName (MUST?) conforms to
>RFC2253" in XMLDSIG document (,for example).
I added SHOULD so as not to preclude an XML representation in the future.
4.4.4 The X509Data Element
An X509Data element within KeyInfo contains one or more identifiers of
keys/X509 certificates that may be useful for validation. Five types of
X509Data pointers are defined:
1. The X509IssuerSerial element, which contains an X.509 issuer
distinguished name/serial number pair that SHOULD be compliant with RFC2253
[LDAP-DN], ...
And tweaked the example as follows:
<X509Data> <!-- two pointers to certificate-A -->
  <X509IssuerSerial>
    <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM,
      L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
    <X509SerialNumber>12345678</X509SerialNumber>
  </X509IssuerSerial>
  <X509SKI>31d97bd7</X509SKI>
</X509Data>
<X509Data> <!-- single pointer to certificate-B -->
  <X509SubjectName>Subject of Certificate B</X509SubjectName>
</X509Data>
Is there a constraint on X509SubjectName?
_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 18 July 2000 17:21:47 UTC
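
Added example, not part of the thread or of the XMLDSIG draft: a Python check that an X509IssuerName value follows the RFC 2253 string syntax discussed above, run on a constructed copy of the message's X509IssuerSerial example (namespace omitted). The names `parse_dn` and `issuer_serial` are hypothetical, and the parser accepts only plain and backslash-escaped values, rejecting the `#` hex and quoted forms.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the X509IssuerSerial example from the message, no namespace.
X509DATA = """<X509Data><X509IssuerSerial>
  <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM,
    L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
  <X509SerialNumber>12345678</X509SerialNumber>
</X509IssuerSerial></X509Data>"""

# One attributeTypeAndValue: type, '=', value, then a separator or end of string.
# Escapes are matched as whole units so an escaped ',' or '+' never splits a value.
AVA = re.compile(r'\s*([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=\s*'
                 r'((?:\\(?:[0-9A-Fa-f]{2}|[ ,=+<>#;\\"])|[^\\,;+=<>#"])*?)'
                 r'\s*([,;+]|\Z)')

def _unescape(raw):
    """Resolve \\XX (one UTF-8 octet) and backslash + special character."""
    out = re.sub(rb"\\([0-9A-Fa-f]{2}|.)",
                 lambda m: bytes([int(m[1], 16)]) if len(m[1]) == 2 else m[1],
                 raw.encode("utf-8"))
    return out.decode("utf-8")

def parse_dn(dn):
    """Return a list of RDNs, each a sorted list of (TYPE, value) pairs."""
    rdns, rdn, pos = [], [], 0
    while True:
        m = AVA.match(dn, pos)
        if not m:
            raise ValueError("not RFC 2253 syntax at offset %d" % pos)
        rdn.append((m[1].upper(), _unescape(m[2])))
        if m[3] != "+":            # '+' continues a multi-valued RDN
            rdns.append(sorted(rdn))
            rdn = []
        if m[3] == "":             # matched end of string
            return rdns
        pos = m.end()

def issuer_serial(xml_text):
    """Parse the issuer name / serial number pair out of an X509Data element."""
    node = ET.fromstring(xml_text).find("X509IssuerSerial")
    name, serial = node.findtext("X509IssuerName"), node.findtext("X509SerialNumber")
    return parse_dn(name), int(serial)

if __name__ == "__main__":
    print(issuer_serial(X509DATA))
```

Equal parse results mean two strings agree after syntax normalisation only; attribute matching rules such as case-insensitive value comparison are not applied.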