On 10.06.2010 04:18, Peter Saint-Andre wrote:
>> The definition of "CN-ID" in section 1.3 should probably also be adapted
>> (i.e., it should explicitly forbid multi-CN RDNs).
> 
> Is this a more accurate definition?
> 
>       *  CN-ID = a subject Distinguished Name (DN) whose constituent
>          sequence of Relative Distinguished Names (RDNs) contains one
>          and only one attribute value assertion (AVA) whose attribute
>          type is Common Name (CN)

I think it's better to refer to it at the RDN level (as is the case for
-05):

      *  CN-ID = a Relative Distinguished Name (RDN) in the certificate
         subject which contains one and only one attribute value
         assertion (AVA) whose attribute type is Common Name (CN)

When talking about CN-ID in the text, you would then say that only the
(DER-sequence-wise) last CN-ID is to be used for verification purposes.
Alternatively, the above definition could be changed to include this
"last" property as well, but this really depends on what text you
currently have in the working copy.

Kaspar

_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
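
The RDN-level definition and the "last CN-ID" rule from the message above, as an added Python example that is not part of the original message or of the draft. It assumes that an RDN holding more than one CN AVA is simply not a CN-ID and is skipped, and that values are UTF8String or PrintableString; the function names and the sample subject are constructed for illustration.

```python
CN_OID = bytes.fromhex("550403")  # content octets of OID 2.5.4.3 (commonName)

def tlv(buf, pos):  # read one DER TLV at pos -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # yield (tag, value) for each TLV packed back to back
    pos = 0
    while pos < len(buf):
        tag, value, pos = tlv(buf, pos)
        yield tag, value

def rdns(name_der):
    """Decode a DER Name into a list of RDNs, each a list of (oid, value) AVAs."""
    tag, body, end = tlv(name_der, 0)
    if tag != 0x30 or end != len(name_der):
        raise ValueError("expected one RDNSequence")
    out = []
    for set_tag, rdn in children(body):
        if set_tag != 0x31:
            raise ValueError("RDN must be a SET")
        avas = []
        for _, ava in children(rdn):
            (_, oid), (_, value) = children(ava)  # SEQUENCE { type OID, value }
            avas.append((oid, value))
        out.append(avas)
    return out

def cn_id(name_der):
    """Value of the last RDN that has exactly one CN AVA, or None."""
    found = None
    for avas in rdns(name_der):  # DER sequence order; a later CN-ID overrides
        cns = [value for oid, value in avas if oid == CN_OID]
        if len(cns) == 1:  # a multi-CN RDN is not a CN-ID (assumption: skip it)
            found = cns[0].decode("utf-8")
    return found

# Constructed sample: O=Example / CN=a.example.com / CN=x.example.com+CN=y.example.com
SUBJECT = bytes.fromhex(
    "3058" "3110300e060355040a0c074578616d706c65"
    "3116" "30140603550403" "0c0d612e6578616d706c652e636f6d"
    "312c" "30140603550403" "0c0d782e6578616d706c652e636f6d"
    "30140603550403" "0c0d792e6578616d706c652e636f6d")
```

With the sample subject, the final RDN carries two CN AVAs and is not a CN-ID, so the value taken for verification is the one from the preceding single-CN RDN.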