Not all identities are an RFC822 Name, so using an RFC822 name is not
always appropriate. If you are going to include an RFC822 name in the
certificate then it should be in the RFC822 SubjectAltName. The Subject
distinguished name may include other name elements.

> -----Original Message-----
> From: Bernard Aboba [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, June 07, 2007 7:54 AM
> To: [email protected]
> Subject: [Emu] Issue: Encoding of NAIs within EAP-TLS certificates
> 
> 
> RFC 3280 Section 4.1.2.6 says:
> 
>    Conforming implementations generating new certificates with
>    electronic mail addresses MUST use the rfc822Name in the subject
>    alternative name field (section 4.2.1.7) to describe such identities.
>    Simultaneous inclusion of the EmailAddress attribute in the subject
>    distinguished name to support legacy implementations is deprecated
>    but permitted.
> 
> This leads me to believe that the statement below from 
> Section 5.2 isn't quite right: 
> 
> "Although the use of the subject name field is existing 
> practice, its use in EAP-TLS is deprecated and Certification 
> Authorities are encouraged to use the subjectAltName field instead."
> 
> An RFC 3280-equivalent statement would be:
> 
> "Conforming implementations generating new certificates with 
> network access identifiers MUST use the rfc822Name in the 
> subject alternative name field to describe such identities."
> _______________________________________________
> Emu mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/emu
> 
