OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xri] Subject Auth Name?


My Thawte s/mime cert has 4 email addresses as Subject Alternative names.  Works fine as far as I can tell.

=jbradley

On 11-Dec-08, at 10:10 PM, RL 'Bob' Morgan wrote:


SubjectAltName can technically include multiple values, so we're thinking about trying to include BOTH the user's UPN and XRI; however, we haven't yet had the bandwidth to test this. We're apprehensive to try it, because we expect a multi-valued subjectAltName will confuse COTS software (similar to how many LDAP-enable COTS applications get confused if the CN in an LDAP directory contains multiple values). Our primary concern is in making subjectAltName multi-valued; we're less concerned that one of the values would be an XRI.

I suspect we are getting seriously off-topic (time for a beer, Marty), but let me just say that we have had cases where multiple altNames in certs is useful (both logical-service-name.foo.edu and specific-box-name.foo.edu in the same server cert) and we have found this to work remarkably well with COTS relying-party software.  That is, it does what you want:  goes through the set of altNames, finds the one that's useful, and ignores the rest.  In fact the ability to have multiples is one of major benefits of altNames, since multiple CNs in a Subject DN is both technically illegal (as I recall) and (as I found out by asking X.509 implementors a few years ago, and by trying it) produces unknown results in deployed software.

- RL "Bob"


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

smime.p7s



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]