Eric Rescorla wrote:
> So, I have no brief for one design or the other, but I think
> we can agree that it's imperative that this work with certs
> from commodity CAs. Has someone published a survey of which
> CAs will give you SAN?
Ekr: I don't know of a survey, but anecdotally speaking, at least
Thawte does. I have a freebie certificate from Thawte for
email signing. It has a couple of my identities in SAN:
[osiris:/u/vkg]$ x509 -noout -in vkg-Thawte-SAN.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:8d:ec:ff:b9:06:bf:76:49:7b:29:d6:e5:df:61:b8
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte
Personal Freemail Issuing CA
...
X509v3 extensions:
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED], email:[EMAIL PROTECTED]
X509v3 Basic Constraints: critical
CA:FALSE
Thanks,
- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
