
Why not use a different naming convention or other OID available in the X.509 spec?


This is a long discussion. We were using /UID=username, but some OpenSSL versions reported the OID-to-name mapping inconsistently. Since this was causing problems, TAGPMA encouraged us to change to a different scheme. We looked at other OIDs available, along with appending additional /CN objects, and decided on /pseudonym=username so as not to interfere with the original DN. However, due to inconsistencies in the BouncyCastle software used by much grid middleware, this was abandoned. We then had a shoot-out of /CN=UID= and /CN=UID:, and /CN=UID: had the least impact in the grid (BouncyCastle still had inconsistencies with /CN=UID=). There are countless different ways to handle this, including inventing our own OID, but it was decided to stick with something that supports the lowest common denominator while providing an easy-to-parse object to extract the Fermi username.
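The username extraction the answer describes can be done strictly, so that a subject DN maps to a username only when it carries exactly one `/CN=UID:` component. The sketch below is an added example, not code from the original answer or from the CA; the function names, the sample DNs and the username policy are assumptions.

```python
import re

# Assumption: usernames are short lowercase account names; adjust to local policy.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")
UID_PREFIX = "UID:"

class DNError(ValueError):
    """Raised when a subject DN cannot be mapped to exactly one username."""

def parse_oneline_dn(dn):
    """Split an OpenSSL-style '/type=value/...' DN into (type, value) pairs."""
    if not dn.startswith("/"):
        raise DNError("expected a DN starting with '/'")
    pairs = []
    for component in dn[1:].split("/"):
        attr, sep, value = component.partition("=")
        if sep and attr and value:
            pairs.append([attr, value])
        elif pairs and not sep:
            # Unescaped '/' inside a value: glue it back onto the previous value.
            pairs[-1][1] += "/" + component
        else:
            raise DNError(f"malformed component: {component!r}")
    return [tuple(p) for p in pairs]

def extract_username(dn):
    """Return the username carried in the single CN=UID:<name> component."""
    candidates = [v[len(UID_PREFIX):] for a, v in parse_oneline_dn(dn)
                  if a.upper() == "CN" and v.startswith(UID_PREFIX)]
    if len(candidates) != 1:
        raise DNError(f"expected one CN=UID: component, found {len(candidates)}")
    username = candidates[0]
    if not USERNAME_RE.fullmatch(username):
        raise DNError(f"username fails policy check: {username!r}")
    return username

# Constructed sample DNs (not real certificate subjects).
SAMPLES = [
    "/DC=org/DC=example/OU=People/CN=Jane Doe/CN=UID:jdoe",
    "/DC=org/DC=example/OU=People/CN=Jane Doe",
    "/DC=org/DC=example/CN=UID:jdoe/CN=UID:other",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        try:
            print(dn, "->", extract_username(dn))
        except DNError as exc:
            print(dn, "-> rejected:", exc)
```

Rejecting DNs with zero or several `CN=UID:` components, rather than taking the first match, keeps the DN-to-account mapping unambiguous when it feeds an authorization decision.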
