URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension

tiran commented:
@jcholast I'm not familiar with any standard that mandates that a X.509 Subject 
DN should identify a subject in a directory. Which standard mandates the 
relationship? RFC 5280 only requires that the Subject DN must be unique for 
each entity. A CA is allowed to issue multiple certs with the same Subject DN 
for the same entity. https://tools.ietf.org/html/rfc5280#section-

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to