> -----Original Message-----
> From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> Sent: Friday, January 19, 2007 10:12 AM
> To: Joseph Salowey (jsalowey); [email protected]
> Subject: RE: [Emu] Open issues with draft-simon-emu-rfc2716bis-06.txt
<snip>
>
> > > Can someone describe a case where there would be more than one
> > > subjectAltName in a certificate?
> > > I'm having a hard time wrapping my head around this case.
> > >
> >[Joe] The subjectAltName may contain a host name as DNSName and a
> >manufacturing serial number as an OtherName or perhaps it may contain a
> >UPN and a SIP URI.
>
> Any recommendations on what we should say about this?
>

[Joe] There is no one field in all certificates that unequivocally represents the "identity" for all EAP-TLS uses. For the mapping of certificate fields to name:

"If the peer's or server's certificate contains a non-empty subject name then it is the peer or server name respectively. If the subject name is empty then the peer name maps to a subjectAltName. Since the subjectAltName may contain more than one instance of subjectAltName an implementation should provide a means to choose which subjectAltName type is used. An implementation may also provide configuration controls to allow a particular subjectAltName type to override the subject name when present."

I'm not sure that this maps sufficiently well to NAI as described in the opening sentence of the first paragraph.
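The name mapping proposed in the message above, as an added sketch that is not part of the original thread or of the draft. The `CertNames` and `NamePolicy` types, the SAN type labels, the sample values, and the choice to refuse a name when the selected type appears more than once are all assumptions made for illustration; the input is taken to be names already extracted from a validated certificate.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

San = Tuple[str, str]  # (type label, value); labels here are illustrative


@dataclass
class CertNames:
    subject: str                                 # "" models an empty subject name
    sans: List[San] = field(default_factory=list)


@dataclass
class NamePolicy:
    # Hypothetical configuration knobs, not taken from the draft.
    san_type: str = "DNSName"                    # SAN type used when subject is empty
    override_type: Optional[str] = None          # SAN type that overrides the subject


def select_name(cert: CertNames, policy: NamePolicy) -> Optional[Tuple[str, str]]:
    """Return (source, value), or None when no unambiguous name exists."""
    def pick(san_type: str) -> Optional[str]:
        matches = [v for t, v in cert.sans if t == san_type and v]
        # Assumption: several entries of the chosen type are ambiguous,
        # so refuse to guess rather than take the first one.
        return matches[0] if len(matches) == 1 else None

    # Optional control: a configured SAN type overrides the subject when present.
    if policy.override_type:
        value = pick(policy.override_type)
        if value is not None:
            return (policy.override_type, value)
    # Non-empty subject name is the peer or server name.
    if cert.subject:
        return ("subject", cert.subject)
    # Empty subject: fall back to the configured SAN type.
    value = pick(policy.san_type)
    return (policy.san_type, value) if value is not None else None


# Constructed samples mirroring the two cases described in the thread.
DEVICE = CertNames("", [("DNSName", "host1.example.com"), ("OtherName", "SN-0001")])
USER = CertNames("CN=alice", [("UPN", "alice@example.com"),
                              ("URI", "sip:alice@example.com")])
AMBIGUOUS = CertNames("", [("DNSName", "a.example.com"), ("DNSName", "b.example.com")])
```

The same device certificate yields a different identity depending on the configured type, so the selection policy has to match whatever the authorization back end keys on.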
