- From: Brian LaMacchia <bal@microsoft.com>
- Date: Tue, 18 Jul 2000 14:25:28 -0700
- To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>, Yoshiaki KAWATSURA <kawatura@bisd.hitachi.co.jp>
- Cc: gregor.karlinger@iaik.at, w3c-ietf-xmldsig@w3.org

The constraints should be the same on X509IssuerName and X509SubjectName, since both are DNs. So a reference to RFC2253 would be appropriate for both.

--bal

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Tuesday, July 18, 2000 1:29 PM
To: Yoshiaki KAWATSURA
Cc: Brian LaMacchia; gregor.karlinger@iaik.at; w3c-ietf-xmldsig@w3.org
Subject: RE: Questions/Comments for the current draft.

At 17:44 7/12/00 +0900, Yoshiaki KAWATSURA wrote:
>I propose to revise the example of <X509IssuerName> in order to be the
>correct one and add "The value of X509IssuerName (MUST?) conforms to
>RFC2253" in XMLDSIG document (,for example).

I added SHOULD so as not to preclude an XML representation in the future.

    4.4.4 The X509Data Element

    An X509Data element within KeyInfo contains one or more identifiers of
    keys/X509 certificates that may be useful for validation. Five types of
    X509Data pointers are defined:

     1. The X509IssuerSerial element, which contains an X.509 issuer
        distinguished name/serial number pair that SHOULD be compliant with
        RFC2253 [LDAP-DN], ...

And tweaked the example as follows:

    <X509Data> <!-- two pointers to certificate-A -->
      <X509IssuerSerial>
        <X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa, C=JP</X509IssuerName>
        <X509SerialNumber>12345678</X509SerialNumber>
      </X509IssuerSerial>
      <X509SKI>31d97bd7</X509SKI>
    </X509Data>
    <X509Data> <!-- single pointer to certificate-B -->
      <X509SubjectName>Subject of Certificate B</X509SubjectName>
    </X509Data>

Is there a constraint on X509SubjectName?

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Tuesday, 18 July 2000 17:26:45 UTC
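
The following is an added example, not part of the original message or of the XMLDSIG draft: a minimal Python sketch of why an RFC 2253 constraint on `X509IssuerName` and `X509SubjectName` matters to a verifier that has to match these strings, parsing the DN rather than comparing raw text. The function names are hypothetical; it accepts the optional spaces and `;` separator that RFC 2253 tells parsers to tolerate, and it does not handle quoted or `#`-hex values or per-attribute matching rules.

```python
import re

# attributeType = value, with the insignificant spaces RFC 2253 says to ignore;
# a trailing escaped space ("\ ") stays part of the value.
_AVA = re.compile(r" *([A-Za-z0-9.-]+) *= *((?:\\.|[^\\])*?) *\Z", re.S)
_ESC = re.compile(rb"\\(?:([0-9A-Fa-f]{2})|(.))", re.S)

def _split(s, seps):
    # Split on separator characters that are not backslash-escaped.
    parts, cur, i = [], "", 0
    while i < len(s):
        step = 2 if s[i] == "\\" else 1       # an escape travels as a unit
        if step == 1 and s[i] in seps:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i:i + step]
        i += step
    return parts + [cur]

def _unescape(raw):
    # "\C4\8D" hex pairs are UTF-8 octets; "\," is the literal character.
    fix = lambda m: bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2)
    return _ESC.sub(fix, raw.encode("utf-8")).decode("utf-8")

def parse_dn(dn):
    # Returns a list of RDNs, each a frozenset of (TYPE, value) pairs.
    rdns = []
    for rdn in _split(dn, ",;"):
        avas = set()
        for ava in _split(rdn, "+"):
            m = _AVA.match(ava)
            if not m:
                raise ValueError("not an RFC 2253 name component: %r" % ava)
            avas.add((m.group(1).upper(), _unescape(m.group(2))))
        rdns.append(frozenset(avas))
    return rdns

def same_dn(a, b):
    # Values are compared exactly; per-attribute matching rules are not applied.
    return parse_dn(a) == parse_dn(b)

# Issuer name from the draft example above, and a constructed compact spelling.
PAGE_ISSUER = "CN=TAMURA Kent, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa, C=JP"
COMPACT = "CN=TAMURA Kent,OU=TRL,O=IBM,L=Yamato-shi,ST=Kanagawa,C=JP"

if __name__ == "__main__":
    print(PAGE_ISSUER == COMPACT, same_dn(PAGE_ISSUER, COMPACT))
```

The placeholder `Subject of Certificate B` from the draft example is rejected by `parse_dn` with a `ValueError`, since it contains no attribute type and value.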