problems with X.509 certs + KDE 3.1 + KMail ??
Zdenek Pizl
pizl@systinet.com
Fri Feb 14 16:21:01 2003
Dne pátek, 14. únor. 2003 12:07 Bernhard Reiter <bernhard@intevation.de>
napsal(a):
> > > The SPHINX specification (and others)
> > > requires the e-mail-address to be in the extention like
> > > X509v3 Subject Alternative Name:
> > > email:bernhard@intevation.de
> > aha, I am sure enough that our certificates don't have altName feature.
> > OK, I'll check it ...
> >
> > But I can't understand it,
> > why it rely on (optional) altName when email can be
> > obtained from the standard DN ??
> Because that is the required method according to the standard.
> http://www.ietf.org/rfc/rfc2459.txt
> 4.1.2.6 Subject
hmm, I've carefuly read it, and there is no MUST. No requirement about it. As
I've spoken to some people from an certification authority, there is no need
(it is not requested by any standard) to include Altname.
Other clients (MS Outlook, Outlook Express, Mozilla) work without it. Only
"aegypten-ized" clients have those problems ... Hmm, I am confused.
It is true that with Altname feature in cert, KMail works fine. But as I said,
it's functionality rely on OPTIONAL extension, and I feel it is wrong way.
z.p.