At 4:07 PM -0600 6/29/10, Peter Saint-Andre wrote:
>Is the first RDN most specific, or is the last RDN most specific? I
>realize that the first one now will later be last [1] depending on the
>string representation, but my understanding is that in the DER encoding
>it's the first RDN that is most specific. Corrections are welcome.

This paragraph shows why it is crazy to assume that developers understand this.
First: if the RDN is a sequence, then whether it is encoded in DER or BER is
irrelevant. The difference in the two encodings is only relevant for SETs.
According to RFC 5280:

   RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

   RelativeDistinguishedName ::=
     SET SIZE (1..MAX) OF AttributeTypeAndValue

However, RFC 5280 does not say which of the sequence is "most specific".

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
certid mailing list
https://www.ietf.org/mailman/listinfo/certid
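
Added example (not part of the original message): a small Python walk over a DER-encoded Name, returning the RDNs in the order they appear in the RDNSequence and in the reversed order that the RFC 4514 string form uses. The sample Name, the helper names and the three-entry OID table are constructed for illustration; RFC 4514 value escaping is not handled.

```python
# Attribute type OIDs (DER content bytes) used by the constructed sample.
OIDS = {b"\x55\x04\x06": "C", b"\x55\x04\x0a": "O", b"\x55\x04\x03": "CN"}

def tlv(tag, body):
    """Encode one TLV with a short-form length (sample builder only)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at pos; definite lengths only."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_name(der):
    """Return the RDNs in encoded (SEQUENCE) order; each RDN is a list of (type, value)."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single RDNSequence")
    rdns = []
    for set_tag, set_val in children(seq):
        if set_tag != 0x31:
            raise ValueError("each RDN must be a SET")
        rdn = []
        for _, atv in children(set_val):  # AttributeTypeAndValue SEQUENCE
            (_, oid), (_, val) = children(atv)
            rdn.append((OIDS.get(oid, oid.hex()), val.decode("utf-8")))
        rdns.append(rdn)
    return rdns

def rfc4514(rdns):
    """RFC 4514 string form starts with the LAST RDN of the sequence."""
    return ",".join("+".join(f"{t}={v}" for t, v in r) for r in reversed(rdns))

# Constructed sample: C=US, O=Example, CN=www.example.com, in that encoded order.
SAMPLE = tlv(0x30, b"".join(
    tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, text.encode())))
    for oid, text in [(b"\x55\x04\x06", "US"), (b"\x55\x04\x0a", "Example"),
                      (b"\x55\x04\x03", "www.example.com")]))
```

Code that picks "the first RDN" gets C from parse_name() but CN from the RFC 4514 string, so a comparison has to state which representation it indexes.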