Peter Gietz wrote:

There is a clash between IETF standardization, where PKIX and LDAP people prefer the mail attribute, which is also incorporated in inetOrgPerson (RFC 2798), and the practice of the PKI vendors (e.g. RSA in the nonstandard but informational RFC 2985 on PKCS#9) that use "email".

OpenCA should IMO be able to support both at least until the IETF standard has won this dispute.

We will support both because we cannot ignore old stuff. I sent a patch for the OpenSSL function get_email to the request tracker of OpenSSL. The CVS HEAD is fixed and now prefers rfc822Mailbox. Nevertheless you can still use emailAddress. It's always a user decision. OpenCA only tries to be as close as possible to the existing standards - and this is RFC 3280.

BTW we still add emailAddress with a schema extension to the directories (OpenCA::LDAP, ldap.conf and contrib/openldap/openca.schema). Do you think we should stop this and only add the mail attribute?

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________
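
The lookup order discussed in this message (a mail/rfc822Mailbox value first, emailAddress as the fallback), as an added example that is not part of the original message and is not the OpenSSL or OpenCA code. It assumes an RFC 4514-style DN string as input; `pick_email`, the alias sets and the sample DNs in the comments are constructed for illustration.

```python
import re

# Attribute names and OIDs grouped by lookup priority. The alias sets are
# assumptions of this example; the order follows the message (mail first).
MAIL = {"mail", "rfc822mailbox", "0.9.2342.19200300.100.1.3"}
EMAIL = {"emailaddress", "email", "1.2.840.113549.1.9.1"}

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts

def unescape(value):
    """Resolve backslash escapes: two hex digits (single byte) or one char."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def parse_dn(dn):
    """Return [(lowercased type, value)] for each attribute in the DN."""
    avas = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDNs
            typ, eq, val = ava.partition("=")
            if eq:
                avas.append((typ.strip().lower(), unescape(val.lstrip())))
    return avas

def pick_email(dn):
    """Prefer a mail/rfc822Mailbox value, fall back to emailAddress."""
    avas = parse_dn(dn)
    for wanted in (MAIL, EMAIL):
        for typ, val in avas:
            if typ in wanted and val:
                return val
    return None   # e.g. "CN=No Mail,C=DE" carries neither attribute
```
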
