edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
- From: Ian Young <ian AT iay.org.uk>
- To: Jan Tomasek <jan.tomasek AT cesnet.cz>
- Cc: edugain-discuss AT geant.net
- Subject: Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?
- Date: Wed, 28 Aug 2013 14:54:19 +0100
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
On 28 Aug 2013, at 14:38, Jan Tomasek <jan.tomasek AT cesnet.cz> wrote:
> On 08/28/2013 11:34 AM, Ian Young wrote:
>> If you're going down the road of removing ds:X509SerialNumber, note
>> that you also need to remove the enclosing ds:X509IssuerSerial
>> elements.
>>
>> We also drop ds:X509SubjectName elements, as long values for that
>> have been known to trip up some implementations.
>
> Do you have any records about those problems?

Removing ds:X509IssuerSerial is required for schema-validity. If you have a
ds:X509IssuerSerial, it MUST contain a ds:X509SerialNumber. So if you remove
the latter, you also need to remove the former.

I looked back in my archive for anything touching on the reason for the
ds:X509SubjectName removal, but all I found was a message in 2011 in reply to
someone else asking the same question. So whatever the reason, it must have
been quite a long time ago. As with the ds:X509SerialNumber, I know of no
software which makes any use of ds:X509SubjectName in metadata, so it is safe
to strip it if you want to be on the safe side.
-- Ian
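
The stripping discussed in this thread, as an added example that is not part of the original message or of any federation's own tooling: a Python standard-library filter that drops whole ds:X509IssuerSerial elements (never just the ds:X509SerialNumber inside them) and ds:X509SubjectName from SAML metadata. The names `strip_x509_names` and `SAMPLE` are hypothetical, the sample metadata is constructed, and it is assumed that each ds:X509Data also carries a ds:X509Certificate, so it is not left empty.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Children of ds:X509Data to drop. ds:X509IssuerSerial is removed as a whole:
# deleting only its ds:X509SerialNumber child would leave it schema-invalid.
STRIP = {"{%s}X509IssuerSerial" % DS, "{%s}X509SubjectName" % DS}

# Constructed sample: a trimmed entity with one signing key (placeholder values).
SAMPLE = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509IssuerSerial>
            <ds:X509IssuerName>CN=Example CA</ds:X509IssuerName>
            <ds:X509SerialNumber>12345</ds:X509SerialNumber>
          </ds:X509IssuerSerial>
          <ds:X509SubjectName>CN=idp.example.org</ds:X509SubjectName>
          <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (MD, DS)


def strip_x509_names(metadata_xml):
    """Return (cleaned metadata as text, number of elements removed)."""
    ET.register_namespace("md", MD)   # keep the usual prefixes on output
    ET.register_namespace("ds", DS)
    root = ET.fromstring(metadata_xml)
    removed = 0
    # Materialise the list first so the tree is not modified while iterating.
    for x509data in list(root.iter("{%s}X509Data" % DS)):
        for child in list(x509data):
            if child.tag in STRIP:
                x509data.remove(child)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, count = strip_x509_names(SAMPLE)
    print("removed %d element(s)" % count)
    print(cleaned)
```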