Brian:

>> I think Brian actually made my point. While the field contains an email
>> address, using it as such would result in a delivery failure. The private
>> key holder cannot be reached by this address.
>
> I don't see a requirement in RFC5280 that the email address in an rfc822name
> must be reachable, or that it must belong to the private key holder.

We seem to be interpreting RFC 5280, Sections 4.1.2.6 and 4.2.1.6 differently.

   4.1.2.6. Subject

   The subject field identifies the entity associated with the public key
   stored in the subject public key field. The subject name MAY be carried
   in the subject field and/or the subjectAltName extension.

   ...

   4.2.1.6. Subject Alternative Name

   ...

   When the subjectAltName extension contains an Internet mail address,
   the address MUST be stored in the rfc822Name. The format of an
   rfc822Name is a "Mailbox" as defined in Section 4.1.2 of [RFC2821].
   A Mailbox has the form "Local-part@Domain". Note that a Mailbox has no
   phrase (such as a common name) before it, has no comment (text
   surrounded in parentheses) after it, and is not surrounded by "<" and
   ">". Rules for encoding Internet mail addresses that include
   internationalized domain names are specified in Section 7.5.

Section 4.1.2 of RFC 2821 provides the ABNF for the Mailbox. RFC 2821 says:

   As used in this specification, an "address" is a character string
   that identifies a user to whom mail will be sent or a location into
   which mail will be deposited. The term "mailbox" refers to that
   depository.

   ...

So, the mailbox is the place that email gets sent to.

Russ

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
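The rfc822Name constraints quoted above (a bare RFC 2821 Mailbox of the form Local-part@Domain, with no phrase before it, no comment after it, and no surrounding angle brackets) as a syntactic check a certificate linter could apply to a subjectAltName value. This is an added example, not code from the thread or from any IETF implementation; it uses a simplified form of the RFC 2821 ABNF (Dot-string local parts and dotted domain names only; quoted local parts and address literals are rejected rather than handled), the sample values at the bottom are constructed, and it checks form only: neither deliverability of the address nor its association with the private key holder can be determined from the field itself.

```python
import re

# Simplified RFC 2821 s.4.1.2 Mailbox syntax, as referenced by RFC 5280 s.4.2.1.6.
# Assumption (this example's own simplification): Dot-string local parts and
# dotted domain names only; Quoted-string local parts and address literals
# are not accepted.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"          # atext run (one "atom")
_LOCAL = rf"{_ATEXT}(?:\.{_ATEXT})*"                 # Dot-string
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"  # sub-domain label
_DOMAIN = rf"{_LABEL}(?:\.{_LABEL})+"                # at least two labels
_MAILBOX = re.compile(rf"^{_LOCAL}@{_DOMAIN}$")

MAX_LOCAL_PART = 64   # RFC 2821 s.4.5.3.1 size limits
MAX_DOMAIN = 255


def check_rfc822name(value: str) -> tuple[bool, str]:
    """Return (ok, reason) for a candidate subjectAltName rfc822Name value.

    Only the syntactic requirements of RFC 5280 s.4.2.1.6 are checked; whether
    mail to the address would be delivered is outside what this can decide.
    """
    if value != value.strip():
        return False, "leading or trailing whitespace"
    if "<" in value or ">" in value:
        return False, "Mailbox must not be surrounded by '<' and '>'"
    if "(" in value or ")" in value:
        return False, "Mailbox must not carry a comment"
    if " " in value:
        return False, "Mailbox must not be preceded by a phrase"
    if value.count("@") != 1:
        return False, "exactly one '@' separating Local-part and Domain"
    local_part, domain = value.split("@")
    if len(local_part) > MAX_LOCAL_PART:
        return False, "Local-part exceeds 64 octets"
    if len(domain) > MAX_DOMAIN:
        return False, "Domain exceeds 255 octets"
    if not _MAILBOX.fullmatch(value):
        return False, "not of the form Local-part@Domain"
    return True, "ok"


def lint_san_values(values: list[str]) -> dict[str, str]:
    """Map each candidate rfc822Name to its check result, for a report."""
    return {v: check_rfc822name(v)[1] for v in values}


if __name__ == "__main__":
    # Constructed sample subjectAltName values (not from any real certificate).
    samples = [
        "alice@example.com",
        "first.last+tag@sub.example.org",
        "Alice Example <alice@example.com>",
        "alice@example.com (Alice)",
        "alice",
        "alice@localhost",
    ]
    for value, verdict in lint_san_values(samples).items():
        print(f"{value!r}: {verdict}")
```

The pre-checks deliberately name the specific RFC 5280 prohibition that was violated rather than reporting a generic syntax error, so a linter report points straight at the offending construction (phrase, comment, or angle brackets) instead of leaving the operator to diff the value against the ABNF.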
