Victor Duchovni wrote:
The usual interpretation seems to be not an alternative in the sense of "one more of the same", but rather "one more and possibly better *representation* of the same".The subject name in the certificate is an X.500 DN. What Internet applications that want to authenticate a connection to a given host are trying to verify is a DNS name. The convention for overloading CommonName in X.500 DNs as candidate DNS names is a transitional hack. When DNS names are present in the SubjectAlternativeName extension, these (with RFC blessing) are taken to represent *ALL* the valid DNS names of the subject. I don't have an RFC reference for such an interpretation. Anyone have a handy reference?
RFC 3280, Section 4.2.1.7. Thanks, - vijay -- Vijay K. Gurbani [EMAIL PROTECTED],research.bell-labs.com,acm.org} Bell Laboratories, Lucent Technologies, Inc. 2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
smime.p7s
Description: S/MIME Cryptographic Signature
