Re: EV email usage

2008-04-29 Thread Eddy Nigg (StartCom Ltd.)
Kick Willemse: LS, I think if e-mail is configured as *rfc822Name*=*email* it is something that is included within the altname. More and more you see certificate issuers using this field. Oh right, so I haven't seen it a lot yet...guess because of that I missed it... Another option i

RE: EV email usage

2008-04-29 Thread Kick Willemse
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Eddy Nigg (StartCom Ltd.) Verzonden: dinsdag 29 april 2008 13:46 Aan: mozilla's crypto code discussion list Onderwerp: Re: EV email usage Frank Hecker: The EV guidelines reference RFC 3280 as the guiding document on matters not addresse

Re: EV email usage

2008-04-29 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: The EV guidelines reference RFC 3280 as the guiding document on matters not addressed in the EV guidelines themselves. Section 4.2.1.7 of RFC 3280 allows (and recommends that) email addresses to be included in a certificate using the subjectAltName extension; it also says Bec

Re: EV email usage

2008-04-29 Thread Frank Hecker
Frank Hecker wrote: > Appendix C of the EV guidelines contains requirements relating to EV > certificate extensions. My apologies, that reference should be to Appendix B of the EV guidelines. Frank -- Frank Hecker [EMAIL PROTECTED] ___ dev-tech-crypt

Re: EV email usage

2008-04-29 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote: > Perhaps in that case email addresses MUST not be included in server > certificates and extended key usage MUST be present and NOT include > E-mail protection. I'm not 100% sure about any requirement in that > respect and/or if additional key usage (such as Key/

RE: EV email usage

2008-04-29 Thread Kick Willemse
@lists.mozilla.org Onderwerp: Re: EV email usage Eddy Nigg (StartCom Ltd.) wrote re email addresses in EV certificates: > Can somebody else have also a look at this? In case the > claims are correct and email address fields are allowed or required for > EV SSL server certificates and *no* extended key usa

Re: EV email usage

2008-04-28 Thread Eddy Nigg (StartCom Ltd.)
Frank Hecker: I just looked at the latest EV guidelines, doing a search for various email-related terms (e.g., "email", "e-mail", "RFC 822", "rfc822", etc.) and also reading section C in detail. As far as I can tell, the guidelines do not mention email addresses in any context relating to the

Re: EV email usage

2008-04-28 Thread Frank Hecker
Eddy Nigg (StartCom Ltd.) wrote re email addresses in EV certificates: > Can somebody else have also a look at this? In case the > claims are correct and email address fields are allowed or required for > EV SSL server certificates and *no* extended key usage is set *and* > validation of the ema