ietf-wg-scitt / draft-ietf-scitt-architecture

An Architecture for Trustworthy Digital Supply Chain Transparency Services

Regular Expression distinguished name #273

Closed hannestschofenig closed 1 month ago

hannestschofenig commented 3 months ago

When x5t is present, iss MUST be a string with a value between 1 and 8192 characters in length that fits the regular expression of a distinguished name.

What is the "regular expression of a distinguished name"?

aj-stein-nist commented 2 months ago

I do understand the intent, but it would seem that distinguished name is not clearly going to have a specific reference we can use. That reference sets aside the regex requirement. I understand the need, but there are some assorted LDAP RFCs and other attempts, and none seem to be the right kind of reference, even if about distinguished names in X.509.

I am going to propose we go back to what we know and then put forward my understanding and interpretation of the requirement, that we want a StringOrURI like the underlying CWT requires, perhaps with added length requirements?