RFC 3280 Section 4.1.2.6 says: Conforming implementations generating new certificates with electronic mail addresses MUST use the rfc822Name in the subject alternative name field (section 4.2.1.7) to describe such identities. Simultaneous inclusion of the EmailAddress attribute in the subject distinguished name to support legacy implementations is deprecated but permitted.
This leads me to believe that the statement below from Section 5.2 isn't quite right:

"Although the use of the subject name field is existing practice, its use in EAP-TLS is deprecated and Certification Authorities are encouraged to use the subjectAltName field instead."

An RFC 3280-equivalent statement would be:

"Conforming implementations generating new certificates with network access identifiers MUST use the rfc822Name in the subject alternative name field to describe such identities."

_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
