On Oct 08, 2014, at 09:50, Andreas Reuter <[email protected]> wrote:
> Hi,
>
> I came across a (possible) oversight in RFC 6487, Section 4.4 about
> the issuer field:
>
>> An issuer name MUST contain one instance of the CommonName attribute
>> and MAY contain one instance of the serialNumber attribute. If both
>> attributes are present, it is RECOMMENDED that they appear as a set.
>> The CommonName attribute MUST be encoded using the ASN.1 type
>> PrintableString [X.680].
>
> This wording does not define the encoding of the serialNumber
> attribute.
>
> While mailing with Rob he told me that the serialNumber came later
> into the spec, and most likely the definition has been just forgotten.
> Can someone from the authors clarify?
I think it’s right as is.
RFC 5280 has the definition for serial number:
-- Naming attributes of type X520SerialNumber
id-at-serialNumber AttributeType ::= { id-at 5 }
X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))
So there’s no need to say it’s PrintableString, because it always is PrintableString.
When you specify a common name you need to say which of the permitted
encodings you want, because there’s a choice of 5 string types:
-- Naming attributes of type X520CommonName
id-at-commonName AttributeType ::= { id-at 3 }
-- Naming attributes of type X520CommonName:
-- X520CommonName ::= DirectoryName (SIZE (1..ub-common-name))
--
-- Expanded to avoid parameterized type:
X520CommonName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-common-name)),
      printableString   PrintableString (SIZE (1..ub-common-name)),
      universalString   UniversalString (SIZE (1..ub-common-name)),
      utf8String        UTF8String      (SIZE (1..ub-common-name)),
      bmpString         BMPString       (SIZE (1..ub-common-name)) }
spt
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
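As an added example (not code from the thread or from either RFC), the following Python applies the rules quoted above to a DER-encoded issuer or subject Name: exactly one CommonName, tagged PrintableString; at most one serialNumber, which is PrintableString by RFC 5280's definition of X520SerialNumber; and, where both appear, preferably in the same SET. The sample names are constructed here, the helper and function names and message strings are this example's own, and the 64-octet upper bounds are taken from RFC 5280's ub-common-name and ub-serial-number.

```python
TAG_SEQUENCE, TAG_SET, TAG_OID, TAG_PRINTABLE, TAG_UTF8 = 0x30, 0x31, 0x06, 0x13, 0x0C
# The five string types of the X520CommonName CHOICE, keyed by DER tag.
STRING_TAGS = {0x13: "PrintableString", 0x0C: "UTF8String", 0x14: "TeletexString",
               0x1C: "UniversalString", 0x1E: "BMPString"}
OID_COMMON_NAME = bytes.fromhex("550403")    # id-at 3, i.e. 2.5.4.3
OID_SERIAL_NUMBER = bytes.fromhex("550405")  # id-at 5, i.e. 2.5.4.5
UB_COMMON_NAME = UB_SERIAL_NUMBER = 64       # upper bounds from RFC 5280, Appendix A
PRINTABLE = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                b"0123456789 '()+,-./:=?")    # the PrintableString repertoire

def der_encode(tag, content):
    """Encode one TLV with a definite length (short form below 128, else long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + content

def der_read(buf, pos):
    """Read the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                          # long form: low bits count the length octets
        count = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + n], pos + n

def der_children(content):
    """Yield (tag, content) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(content):
        tag, value, pos = der_read(content, pos)
        yield tag, value

def parse_name(der):
    """Name ::= SEQUENCE OF RelativeDistinguishedName; RDN ::= SET OF AttributeTypeAndValue.
    Returns a list of RDNs, each a list of (attribute type OID bytes, value tag, value bytes)."""
    tag, content, _ = der_read(der, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("Name must be a SEQUENCE")
    rdns = []
    for rdn_tag, rdn in der_children(content):
        if rdn_tag != TAG_SET:
            raise ValueError("RelativeDistinguishedName must be a SET")
        atvs = []
        for atv_tag, atv in der_children(rdn):
            if atv_tag != TAG_SEQUENCE:
                raise ValueError("AttributeTypeAndValue must be a SEQUENCE")
            (oid_tag, oid), (val_tag, val) = list(der_children(atv))
            if oid_tag != TAG_OID:
                raise ValueError("attribute type must be an OBJECT IDENTIFIER")
            atvs.append((oid, val_tag, val))
        rdns.append(atvs)
    return rdns

def check_rfc6487_name(der):
    """Return the problems found in an issuer or subject Name; [] means it conforms."""
    found = {OID_COMMON_NAME: [], OID_SERIAL_NUMBER: []}
    for rdn_index, rdn in enumerate(parse_name(der)):
        for oid, tag, value in rdn:
            if oid in found:
                found[oid].append((rdn_index, tag, value))
    cns, sns, problems = found[OID_COMMON_NAME], found[OID_SERIAL_NUMBER], []
    if len(cns) != 1:
        problems.append(f"MUST: CommonName appears {len(cns)} times, expected exactly 1")
    if len(sns) > 1:
        problems.append(f"MUST: serialNumber appears {len(sns)} times, expected at most 1")
    # CommonName is a CHOICE, so RFC 6487 has to pin its string type; serialNumber has
    # no choice to pin, because RFC 5280 defines X520SerialNumber as PrintableString.
    for label, items, bound, why in (
            ("CommonName", cns, UB_COMMON_NAME, "RFC 6487 requires PrintableString"),
            ("serialNumber", sns, UB_SERIAL_NUMBER, "X520SerialNumber is PrintableString")):
        for _, tag, value in items:
            if tag != TAG_PRINTABLE:
                problems.append(f"MUST: {label} is {STRING_TAGS.get(tag, hex(tag))}; {why}")
            elif not set(value) <= PRINTABLE:
                problems.append(f"MUST: {label} is tagged PrintableString but holds other characters")
            if not 1 <= len(value) <= bound:
                problems.append(f"MUST: {label} length {len(value)} is outside SIZE (1..{bound})")
    if len(cns) == 1 and len(sns) == 1 and cns[0][0] != sns[0][0]:
        problems.append("RECOMMENDED: CommonName and serialNumber are in different SETs")
    return problems

def attribute(oid, tag, text):
    """AttributeTypeAndValue ::= SEQUENCE { type OBJECT IDENTIFIER, value ANY }."""
    return der_encode(TAG_SEQUENCE, der_encode(TAG_OID, oid) + der_encode(tag, text.encode()))

def name(*rdns):
    """Build a Name; each argument is one RDN given as a list of attribute TLVs.
    DER requires SET OF members in ascending order of their encodings, hence sorted()."""
    return der_encode(TAG_SEQUENCE, b"".join(der_encode(TAG_SET, b"".join(sorted(r))) for r in rdns))

# Constructed sample names (hypothetical; not taken from any real RPKI certificate).
GOOD = name([attribute(OID_COMMON_NAME, TAG_PRINTABLE, "Example RPKI CA"),
             attribute(OID_SERIAL_NUMBER, TAG_PRINTABLE, "42")])
MAXLEN = name([attribute(OID_COMMON_NAME, TAG_PRINTABLE, "A" * 64),       # exercises the
               attribute(OID_SERIAL_NUMBER, TAG_PRINTABLE, "1" * 64)])    # long-form length
CN_UTF8 = name([attribute(OID_COMMON_NAME, TAG_UTF8, "Example RPKI CA")])
SN_UTF8 = name([attribute(OID_COMMON_NAME, TAG_PRINTABLE, "Example RPKI CA"),
                attribute(OID_SERIAL_NUMBER, TAG_UTF8, "42")])
SPLIT = name([attribute(OID_COMMON_NAME, TAG_PRINTABLE, "Example RPKI CA")],
             [attribute(OID_SERIAL_NUMBER, TAG_PRINTABLE, "42")])
BAD_CHARS = name([attribute(OID_COMMON_NAME, TAG_PRINTABLE, "Example@RPKI")])

if __name__ == "__main__":
    for label in ("GOOD", "MAXLEN", "CN_UTF8", "SN_UTF8", "SPLIT", "BAD_CHARS"):
        print(label, check_rfc6487_name(globals()[label]) or "conforms")
```

Besides the tag check, the example confirms that a value tagged PrintableString actually stays within the PrintableString repertoire, since the tag alone does not guarantee that, and it sorts SET members as DER requires so the constructed samples are themselves valid DER. To run it against a real certificate, pass the DER bytes of the issuer or subject field (for example, as sliced out by an ASN.1 library) to check_rfc6487_name.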