edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?

From: Ian Young <ian AT iay.org.uk>
To: Jan Tomasek <jan.tomasek AT cesnet.cz>
Cc: edugain-discuss AT geant.net
Subject: Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?
Date: Wed, 28 Aug 2013 10:34:41 +0100
Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
List-id: eduGAIN discussion list <edugain-discuss.geant.net>

On 28 Aug 2013, at 10:22, Jan Tomasek <jan.tomasek AT cesnet.cz> wrote:

> Ian thank you for sharing your experience. I'm considering the same - to
> remove ds:X509SerialNumber and I'm glad that you are doing this for some
> time and that you do not know about any problems.

If you're going down the road of removing ds:X509SerialNumber, note that you
also need to remove the enclosing ds:X509IssuerSerial elements.

We also drop ds:X509SubjectName elements, as long values for that have been
known to trip up some implementations.

-- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 27-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 27-Aug-2013
  - Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
    - Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 08/28/2013
      - Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
        
        Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 28-Aug-2013
        
        Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013