URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension

tiran commented:
"""
@jcholast I'm not familiar with any standard that mandates that a X.509 Subject 
DN should identify a subject in a directory. Which standard mandates the 
relationship? RFC 5280 only requires that the Subject DN must be unique for 
each entity. A CA is allowed to issue multiple certs with the same Subject DN 
for the same entity. https://tools.ietf.org/html/rfc5280#section-4.1.2.6
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/228#issuecomment-263536634
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to