Greetings:
Is it possible to add additional customized fields to the DN (Distinguished
Name) of a standard X509 certificate? Since the DN appears as text, with
fields delimited by the forward slash character '/', in the subject of the
X509 certificate, it should be easy enough to add these extra fields.
For example, the DN in my personal certificate is:
/C=CA/ST=Ontario/L=Toronto/O=CyberStation Inc./OU=
/CN=Alicia da [EMAIL PROTECTED]
And if we add a new field for my telephone number "/T=416-860-9378" to my
DN:
/C=CA/ST=Ontario/L=Toronto/O=CyberStation Inc./OU=/T=416-860-9378
/CN=Alicia da [EMAIL PROTECTED]
or if we add it to the end of the DN:
/C=CA/ST=Ontario/L=Toronto/O=CyberStation Inc./OU=
/CN=Alicia da [EMAIL PROTECTED]/T=416-860-9378
Are any of the above "extended" DN's valid? Would the X509 certificates
that contain these DN's still be valid certs? Instead of adding fields
to the DN's, would it be better to add extra fields within an extension
to the X509 certificate (like the extra Netscape fields like "nsCertType")?
Thank you in advance. Sincerely, Alicia.
PS. If it is possible to safely add extra fields to a client certificate, then
is it also possible with SSL3 or TLS to only allow those client
certificates to be submitted in an encrypted manner, to a SSL
server, after the client application first validates the server
certificate? That way, the client's certificate can contain private
data in its fields that only trusted servers are allowed to see.
(This method would be very useful for decentralized databasing.)
begin: vcard
fn: Alicia da Conceicao
n: da Conceicao;Alicia
org: Cyberstation Inc.
adr: 121 Richmond Street West, Suite 1104;;;Toronto;Ontario;M5H-2G4;Canada
email;internet: [EMAIL PROTECTED]
title: VP of Technology
tel;work: 416-860-9378
tel;fax: 416-860-9380
x-mozilla-cpt: ;0
x-mozilla-html: TRUE
version: 2.1
end: vcard
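
Added example, not part of the original message: inside a certificate the subject DN is a DER-encoded sequence of typed attributes (an OID plus a value), and the slash-separated line is only a printed rendering of it. The sketch below encodes constructed sample DNs (CN shortened to "Alicia", OU omitted, and the phone field assumed to be the X.520 telephoneNumber attribute, 2.5.4.20) to show that the position of the extra field changes the encoded name, and that the printed form cannot tell a separate attribute from a value that contains "/".

```python
# Added example (stdlib only): DER-encode an X.501 Name from typed attributes.
OIDS = {  # X.520 attribute type OIDs
    "C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10",
    "CN": "2.5.4.3", "telephoneNumber": "2.5.4.20",
}

def der(tag, body):
    """Tag-length-value with definite short or long form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]            # base-128, high bit marks continuation
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der(0x06, bytes(out))

def encode_name(rdns):
    """Name ::= SEQUENCE OF RDN; each RDN here is a SET holding one attribute."""
    body = b""
    for short, value in rdns:
        # PrintableString (0x13) is enough for these constructed ASCII values
        atv = der(0x30, der_oid(OIDS[short]) + der(0x13, value.encode("ascii")))
        body += der(0x31, atv)
    return der(0x30, body)

def oneline(rdns):
    """Slash-delimited rendering, as used in the message above."""
    return "".join(f"/{k}={v}" for k, v in rdns)

# Constructed sample data
BASE = [("C", "CA"), ("ST", "Ontario"), ("L", "Toronto"),
        ("O", "CyberStation Inc."), ("CN", "Alicia")]
PHONE = ("telephoneNumber", "416-860-9378")
MID = BASE[:4] + [PHONE] + BASE[4:]     # phone before CN
END = BASE + [PHONE]                    # phone after CN
AMBIG = BASE[:4] + [("CN", "Alicia/telephoneNumber=416-860-9378")]

if __name__ == "__main__":
    for label, dn in (("MID", MID), ("END", END), ("AMBIG", AMBIG)):
        print(label, oneline(dn), encode_name(dn).hex())
```

END and AMBIG print as the same slash-delimited string but encode to different names, so any comparison or access decision should be made on the parsed attributes, not on the printed line.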