On Thu, Apr 7, 2016 at 5:46 PM, Rick Andrews <[email protected]> wrote: > -----Original Message----- > From: Peter Bowen [mailto:[email protected]] > Sent: Thursday, April 07, 2016 5:34 PM > To: Rick Andrews <[email protected]> > Cc: [email protected] > Subject: Re: [Trans] Issue with redaction and CN-IDs > > <snip> > > I also wonder how to handle multiple CN-IDs in a single certificate. > There is not, to my knowledge, a requirement that the Subject only > contain > one attribute of type commonName. > > Dan Kaminsky's PKI Layer Cake paper > (https://www.cosic.esat.kuleuven.be/publications/article-1432.pdf) exposed > vulnerabilities around multiple CN-IDs, but we neglected to outlaw them in the > CABF BRs.
Ah, then ignore that question in the trans context. We can fix in the CABF context. _______________________________________________ Trans mailing list [email protected] https://www.ietf.org/mailman/listinfo/trans
