Re: email address and signed operations



Vesna,

This is a very good point.  The S/MIME version 3 drafts no longer require
certificates to have email addresses.  Section 2.2 of the cert handling
draft says:

"Receiving agents MUST support PKIX v1 and PKIX v3 certificates. See
[KEYM] for details about the profile for certificate formats. End
entity certificates MAY include an Internet mail address, as described
in section 3.1."

The interesting text from section 3.1 is:

"Receiving agents MUST recognize email addresses in the subjectAltName
field. Receiving agents MUST recognize email addresses in the
Distinguished Name field."

For the purposes of the signed operations draft, what is a "receiving
agent"?  I believe that it is any LDAP client or server that tries to
verify the signature of the entries in the signed audit trail...

Bruce

At 02:04 PM 10/12/98 +0100, Vesna Hassler wrote:
>Hi,
>
>RFC2312 mandates the use of email address in an S/MIME certificate.
>Is it also the case for the "Signed Directory Operations Using S/MIME"?
>If it is, it should be important to have RFC2312 as a reference
>in the sigops draft.
>
>However, I don't think it's a good idea to mandate the use of email address
>for directory applications, since there are cases in which not all
>certified subjects have an email address (e.g. bank customers).
>
>Could the sigops authors comment on that? Thanks.
>
>Vesna
>
>
================================================
Bruce Greenblatt              bruceg@innetix.com
http://www.innetix.com/~bruceg
================================================