-----Original Message----- From: Peter Bowen [mailto:[email protected]] Sent: Thursday, April 07, 2016 5:34 PM To: Rick Andrews <[email protected]> Cc: [email protected] Subject: Re: [Trans] Issue with redaction and CN-IDs
<snip>
I also wonder how to handle multiple CN-IDs in a single certificate.
There is not, to my knowledge, a requirement that the Subject only
contain
one attribute of type commonName.
Dan Kaminsky's PKI Layer Cake paper
(https://www.cosic.esat.kuleuven.be/publications/article-1432.pdf) exposed
vulnerabilities around multiple CN-IDs, but we neglected to outlaw them in the
CABF BRs.
-Rick
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
