#8: Distinguished Names in the RPKI
-----------------------------+----------------------------------------------
Reporter: g...@… | Owner:
Type: enhancement | Status: new
Priority: medium | Milestone:
Component: res-certs | Version:
Severity: In WG Last Call | Keywords:
-----------------------------+----------------------------------------------
reported by Steve Kent:
Tim Polk asked David Cooper (a NIST colleague) to check on the question
that was raised during our meeting yesterday morning. The question was
whether, if we require Subject and Issuer names in X.509 certs to be
either just a CN or a CN plus a serialNumber (as a set), one could use
commonly available CA software generate certs. The answer is that both
OpenSSL and an NSS can do this. OpenSSL required some configuration
effort, but David provided the details of the config params in his
response!
this related to arch and res-cert drafts - one, or both need to reflect
this structure if adopted
--
Ticket URL: <http://trac.tools.ietf.org/wg/sidr/trac/ticket/8>
sidr <http://tools.ietf.org/sidr/>
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
