OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

kmip message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [kmip] Groups - CertificateAttributes.pdf uploaded



If I’m reading your proposal correctly it would add two sets of new attributes for the DN components -  one which would have the Subject prefix and the second with Issuer prefix.   That seems very duplicative.  Is there an way in which we could add new attributes for the individual DN components (aka one set) and then handle that you want the CN of the Subject or CN of the Issuer when you perform the Locate?


On slide 4 you list a set of attributes – Is this the full list of DN components you are suggesting we add to KMIP or just representative examples? 

If it was intended to be a full list then I would suggest we look at the required and recommended lists from RFC5280 – On the required front you are missing DN Qualifier.  From the recommended list you should add Domain Component (RFC4519) and Title at a minimum.


Also some questions/corrections to slide 4


·         Is Email supposed to be emailAddress (RFC2985) or rfc822Name (RFC822)?

·         The abbreviation used for State or Province is ‘ST’ and not ‘SoP’

·         The Serial Number attribute is not abbreviated – The SN abbreviation maps to Surname (X.520)

·         I also assume that what you have labeled X.509 Serial Number was in fact the Serial Number that is a DN component and not the serial number of the certificate.  If this is true then you should drop the X.509 prefix because that value is defined in X.520




Judith Furlong | Consultant Product Manager | Product Security and Trusted Engineering | office: +1-774-803-3384 | email: Judith.Furlong@emc.com


From: kmip@lists.oasis-open.org [mailto:kmip@lists.oasis-open.org] On Behalf Of Tim Hudson
Sent: Thursday, December 17, 2015 7:40 AM
To: kmip@lists.oasis-open.org
Subject: [kmip] Groups - CertificateAttributes.pdf uploaded


Submitter's message
Currently there is no way to look up a certificate by a subject or issue DN component. This proposal is to add attributes for each of the main components in a DN.
-- Tim Hudson

Document Name: CertificateAttributes.pdf

Proposal to add certificate DN fields.
Download Latest Revision
Public Download Link

Submitter: Tim Hudson
Group: OASIS Key Management Interoperability Protocol (KMIP) TC
Folder: Proposals
Date submitted: 2015-12-17 04:40:12


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]