Right. The RFC 3280 statement only applies to RFC 822 names. That's why I think that the text should focus on those names.

> Subject: RE: [Emu] Issue: Encoding of NAIs within EAP-TLS certificates
> Date: Thu, 7 Jun 2007 08:57:49 -0700
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]; [email protected]
>
> Not all identities are an RFC822 Name so using an RFC822 name is not
> always appropriate. If you are going to include an RFC822 name in the
> certificate then it should be in the RFC822 SubjectAltName. The Subject
> distinguished name may include other name elements.
>
> > -----Original Message-----
> > From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 07, 2007 7:54 AM
> > To: [email protected]
> > Subject: [Emu] Issue: Encoding of NAIs within EAP-TLS certificates
> >
> > RFC 3280 Section 4.1.2.6 says:
> >
> >    Conforming implementations generating new certificates with
> >    electronic mail addresses MUST use the rfc822Name in the subject
> >    alternative name field (section 4.2.1.7) to describe such
> >    identities.
> >    Simultaneous inclusion of the EmailAddress attribute in the subject
> >    distinguished name to support legacy implementations is deprecated
> >    but permitted.
> >
> > This leads me to believe that the statement below from
> > Section 5.2 isn't quite right:
> >
> > "Although the use of the subject name field is existing
> > practice, its use in EAP-TLS is deprecated and Certification
> > Authorities are encouraged to use the subjectAltName field instead. "
> >
> > An RFC 3280-equivalent statement would be:
> >
> > "Conforming implementations generating new certificates with
> > network access identifiers MUST use the rfc822Name in the
> > subject alternative name field to describe such identities."
> > _______________________________________________
> > Emu mailing list
> > [email protected]
> > https://www1.ietf.org/mailman/listinfo/emu
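
Added example, not part of the thread above: one way a verifier could apply the preference under discussion, taking the rfc822Name from subjectAltName first and accepting the emailAddress attribute of the subject distinguished name only as a flagged legacy fallback. The input is assumed to have the dict layout of Python's ssl.SSLSocket.getpeercert(); the function name and both sample certificates are constructed for illustration.

```python
# Added example: pick the RFC 822 style identity from a decoded certificate.
# Input layout follows ssl.SSLSocket.getpeercert(); samples are constructed.

def peer_identities(cert):
    """Return (identities, source) for a decoded certificate.

    source is "subjectAltName" when rfc822Name entries are present,
    "subject" when only the deprecated emailAddress attribute in the
    subject DN carries the name, and None when the certificate holds no
    RFC 822 style name at all (not every identity is one).
    """
    # getpeercert() labels rfc822Name SAN entries with the type "email".
    san = [v for kind, v in cert.get("subjectAltName", ()) if kind == "email"]
    if san:
        return san, "subjectAltName"
    # "subject" is a tuple of RDNs, each a tuple of (attribute, value) pairs.
    legacy = [v for rdn in cert.get("subject", ())
              for attr, v in rdn if attr == "emailAddress"]
    if legacy:
        return legacy, "subject"
    return [], None


# Constructed sample: name in both places; the SAN entry wins.
CERT_BOTH = {
    "subject": ((("commonName", "Alice"),),
                (("emailAddress", "old-alice@example.org"),)),
    "subjectAltName": (("DNS", "host.example.org"),
                       ("email", "alice@example.org")),
}
# Constructed sample: legacy certificate, name only in the subject DN.
CERT_LEGACY = {
    "subject": ((("commonName", "Bob"),),
                (("emailAddress", "bob@example.org"),)),
}
# Constructed sample: identity that is not an RFC 822 name.
CERT_NONE = {"subject": ((("commonName", "printer-17"),),)}

if __name__ == "__main__":
    for name, cert in (("both", CERT_BOTH), ("legacy", CERT_LEGACY),
                       ("none", CERT_NONE)):
        print(name, peer_identities(cert))
```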
