OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Re: rfc822name Name Constraints question. Forwarded messagefrom Housley, Russ.

I sent mail to ietf-pkix asking for a clarification on the rules
for rfc822 name "matching".  Here is the response.

Anne

------- start of forwarded message -------
From: "Housley, Russ" <rhousley@rsasecurity.com>
To: Anne.Anderson@sun.com
Subject: Re: rfc822name Name Constraints question
Date: Tue, 03 Sep 2002 09:16:20 -0400

We do not really need one.  The lack of a constraint is the same a c 
constraint with a NULL string.

Russ


At 09:07 AM 9/3/2002 -0400, Anne Anderson wrote:
>So what is the root of the rfc822name namespace?  ""?
>
>Anne
>
>On 2 September, Housley, Russ writes: Re: rfc822name Name Constraints question
>  > From: "Housley, Russ" <rhousley@rsasecurity.com>
>  > To: Anne.Anderson@Sun.COM
>  > Subject: Re: rfc822name Name Constraints question
>  > Date: Mon, 02 Sep 2002 11:26:19 -0400
>  >
>  >
>  > Anne:
>  >
>  > The email address name constraint contains the right-hand part.  So, any
>  > email address that exactly matches the right-hand part in the name
>  > constraint is valid.
>  >
>  > >RFC3280 describes how name constraints for "Internet mail
>  > >addresses" may be specified, but is unclear on a few points:
>  > >
>  > >1. If the NameConstraint is "root@xyz.com", does that include
>  > >    "sys.root@xyz.com"?
>  >
>  > Yes.  The email address "sys.root@xyz.com" does satisfy the 
> "root@xyz.com"
>  > constraint.
>  >
>  > >2. Can "@xyz.com" be used to match all mail addresses at
>  > >    "xyz.com" but not addresses at "abc.xyz.com?
>  >
>  > Yes.  The constraint "@xyz.com" would only be satisfied by mailboxes (or
>  > .forward entries) on the host xyz.com.
>  >
>  > >3. The paragraph says the constraint "xyz.com" is satisfied by
>  > >    "any mail address at the host "xyz.com", and ".xyz.com" is
>  > >    satisfied by an address within the domain xyz.com, but not
>  > >    xyz.com itself.  How then do I specify all addresses in the
>  > >    domain xyz.com AND xyz.com itself?
>  >
>  > The constraint "xyz.com" permits "joe@xyz.com" and "harry@us.xyz.com"
>  >
>  > Russ
>  >
>
>--
>Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>Sun Microsystems Laboratories
>1 Network Drive,UBUR02-311     Tel: 781/442-0928
>Burlington, MA 01803-0902 USA  Fax: 781/442-1692

------- end of forwarded message -------

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC