[sidr] multi-value distinguished name question

To: sidr at ietf.org
Subject: [sidr] multi-value distinguished name question
From: Stephen Kent <kent at bbn.com>
Date: Mon, 9 Nov 2009 19:30:12 -0500
Delivered-to: sidr at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/sidr>
List-help: <mailto:sidr-request@ietf.org?subject=help>
List-id: Secure Interdomain Routing <sidr.ietf.org>
List-post: <mailto:sidr@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>

Tim Polk asked David Cooper (a NIST colleague) to check on thequestion that was raised during our meeting yesterday morning. Thequestion was whether, if we require Subject and Issuer names in X.509certs to be either just a CN or a CN plus a serialNumber (as a set),one could use commonly available CA software generate certs. Theanswer is that both OpenSSL and an NSS can do this. OpenSSL requiredsome configuration effort, but David provided the details of theconfig params in his response!


I will check with someone who knows about OpenCA, to see what they say.

Steve

Follow-Ups:
- Re: [sidr] multi-value distinguished name question
  - From: Geoff Huston
- Re: [sidr] multi-value distinguished name question
  - From: Russ Housley

Prev by Date: Re: [sidr] draft-pmohapat-sidr-pfx-validate-03.txt as SIDR WG document
Next by Date: Re: [sidr] multi-value distinguished name question
Previous by thread: [sidr] use cases draft
Next by thread: Re: [sidr] multi-value distinguished name question
Index(es):
- Date
- Thread

[sidr] multi-value distinguished name question

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.