> -----Original Message-----
> From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 12, 2007 3:57 PM
> To: Joseph Salowey (jsalowey); [email protected]
> Subject: RE: [Emu] Issue: Encoding of NAIs within EAP-TLS certificates
>
> > [Joe] I think the main issue is emailAddress should not be used and
> > anything that you would put in the emailAddress RDN should go in the
> > SubjectaltName of type rfc822Name instead. Other parts of the subject
> > name should be allowed.
> >
> > "The subject name field MAY contain other RDNs for representing the
> > subject's identity."
>
> This seems unambiguous, because an emailAddress RDN is
> required to include both a username and realm portion.
>
> So effectively we are saying that an NAI needs to include
> both username and realm to qualify; a serial number, for
> example, would not qualify.
>

[Joe] In general, yes. Also a certificate may have identities representing the same entity for different purposes some of which may use an NAI, some that may be related to an NAI and some that are independent of NAI.

_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
