RFC 5280 is just what it says it is:
"Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile"
"tailored for the Internet" (Section 3.1) No one said that it's
anything more. Don't use it if you don't like it, but it's worth
knowing about.
Erwann ABALEA wrote:
Hodie VII Id. Aug. MMX, David Shambroom scripsit:
See:
http://www.ietf.org/rfc/rfc5280.txt
RFC5280 is only a profile for X.509 certificates and CRLs, just were
RFC3280 and RFC2459 before it. Hopefully, RFC5280 is of better quality
than its predecessors, but doesn't replace the standard at all.
It adds more constraints, some of them are unnecessary (for example an
organizationName or a commonName limited to 64 characters).
RFC acts on top of X.509, and only for public key certificates (i.e.
not attribute certificates).
Kyle Hamilton wrote:
I was asked this morning where to find the X.509 specification,
since http://itu.int/ is such a messy website.
It's sad the 2008 version is only available for a fee.
I always thought the free 2005 version (and corresponding X.5xx
standards covering other important aspects) was a good thing to help
development.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
