Being completely pedantic about the RFC5280 text, nowhere in the text does it say that rfc822name cannot be used for anything but an email address. It does state multiple times that an email address must be represented as an rfc822name, but it places no explicit restrictions on what an rfc822name may represent. The text as is does not explicitly preclude use of rfc822name for ACP. This may be the widespread understanding of what RFC5280 means, but it's not strictly what it says…
From: Anima <[email protected]> On Behalf Of Eric Rescorla
Sent: 21 June 2020 09:26
To: Stephen Kent <[email protected]>
Cc: Anima WG <[email protected]>
Subject: Re: [Anima] representing ACP info in X.509 certs

This matches my understanding as well. One thing that's not clear to me: is the expectation that you will be using a public CA or that you will be using an enterprise-level one?

-Ekr

On Sat, Jun 20, 2020 at 5:03 PM Stephen Kent <[email protected]> wrote:

Folks,

My perspective matches what Russ & Ben have suggested, i.e., use of rfc822Name is inappropriate for this context. RFC 5280 is very clear about the intended use of the rfc822Name field in a cert and the proposed use in the anima context is inconsistent with 5280 text. A reasonable, appropriate way forward is to define a new otherName type for the anima context.

Steve

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
