Subject: RE: [kmip] Groups - CertificateAttributes.pdf uploaded
If I’m reading your proposal correctly it would add two sets of new attributes for the DN components - one which would have the Subject prefix and the second with Issuer prefix. That seems very duplicative. Is there a way in which we could add new attributes for the individual DN components (aka one set) and then handle that you want the CN of the Subject or CN of the Issuer when you perform the Locate?
On slide 4 you list a set of attributes – Is this the full list of DN components you are suggesting we add to KMIP or just representative examples?
If it was intended to be a full list then I would suggest we look at the required and recommended lists from RFC5280 – On the required front you are missing DN Qualifier. From the recommended list you should add Domain Component (RFC4519) and Title at a minimum.
Also some questions/corrections to slide 4:
· Is Email supposed to be emailAddress (RFC2985) or rfc822Name (RFC822)?
· The abbreviation used for State or Province is ‘ST’ and not ‘SoP’
· The Serial Number attribute is not abbreviated – The SN abbreviation maps to Surname (X.520)
· I also assume that what you have labeled X.509 Serial Number was in fact the Serial Number that is a DN component and not the serial number of the certificate. If this is true then you should drop the X.509 prefix because that value is defined in X.520
Judith Furlong | Consultant Product Manager | Product Security and Trusted Engineering | office: +1-774-803-3384 | email: Judith.Furlong@emc.com
From: email@example.com [mailto:firstname.lastname@example.org]
On Behalf Of Tim Hudson