Is it possible make it in the application layer? For example, mapping
case-sensitive name to case-in-sensitive name before calling into the standard
KeyStore APIs. It may be not good to break the standards for corner cases?
Xuelei
> On Jul 13, 2022, at 4:38 AM, Ravi Patel8 <ravi.pat...@ibm.com> wrote:
>
> We have a customer who is having a security requirement. He wants to know, Is
> it possible to have case-sensitive support for PKCS#12? We referred the RFCs
> for PKCS#12. We found that PKCS#12 uses a case in-sensitive alias and the
> alias Name is mapped with friendlyName attribute, which is specified as
> "caseIgnoreMatch" as below.
>
> friendlyName ATTRIBUTE ::= {
> WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
> EQUALITY MATCHING RULE caseIgnoreMatch
> SINGLE VALUE TRUE
> ID pkcs-9-at-friendlyName
> }
>
> The RFCs can be found here:
> https://datatracker.ietf.org/doc/html/rfc7292
> https://datatracker.ietf.org/doc/html/rfc2985#page-19
>
> The JKS key store(case in-sensitive alias) has a special version
> (CaseExactJKS) that uses case sensitive aliases.
> So similarly, Will it be acceptable to have a case sensitive version of
> PKCS#12 as CaseExactPKCS12 which will use case sensitive aliases?
