Yet what can be done is to (ab-)use one or more of those Attribute structures as elements of CsrAttrs to specify concrete values for individual sub-components of the subject DN, namely single attributes of RDNs, e.g.,

    SEQUENCE { OBJECT IDENTIFIER commonName (2 5 4 3) UTF8String "myHostname" }

and

    SEQUENCE { OBJECT IDENTIFIER serialNumber (2 5 4 5) PrintableString "JABA1234" }

Note that in this way one cannot express a particular desired structure of RDNs for the subject DN.
At least the above is implementable. (BTW, the general structure of DNs being a sequence of RDNs, each of which can contain a set of name attributes, see https://datatracker.ietf.org/doc/html/rfc2253#section-2, is a rather weird thing that is hardly understood and not always implemented correctly/completely, but that's a different story).

Is that “weird thing” even necessary? I feel like dumping a lot of accumulated crust and crud that proved to be more trouble than it seems worth…
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
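Added example, not part of the original message or of any project's code: a small DER reader that lists the subject attribute values a CsrAttrs blob prescribes, run over a constructed sample holding the two values mentioned in the message. It assumes the RFC 7030 Attribute layout (a type OID followed by a SET of values); all function names are hypothetical.

```python
# Added example (RFC 7030 layout assumed): CsrAttrs ::= SEQUENCE OF AttrOrOID,
# Attribute ::= SEQUENCE { type OID, values SET OF value }. Names are hypothetical.
def tlv(tag, body):  # encoder for the sample only: bodies shorter than 128 bytes
    return bytes([tag, len(body)]) + body

def children(buf):  # split DER content into its (tag, value) elements
    pos, out = 0, []
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER")
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        if pos + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def oid_str(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0  # adequate for the 2.5.4.x OIDs here
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def requested_values(der):
    """Return [(oid, [values])]; a bare OID element yields an empty value list."""
    top = children(der)
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("not a single SEQUENCE")
    out = []
    for tag, val in children(top[0][1]):
        if tag == 0x06:  # bare OID: attribute requested, no value prescribed
            out.append((oid_str(val), []))
            continue
        parts = children(val) if tag == 0x30 else []
        if [t for t, _ in parts] != [0x06, 0x31]:
            raise ValueError("element is neither OID nor Attribute")
        out.append((oid_str(parts[0][1]), [v.decode() for _, v in children(parts[1][1])]))
    return out  # a flat list: nothing here says how the values group into RDNs

def attribute(oid_hex, string_tag, text):
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x31, tlv(string_tag, text.encode())))

# Constructed sample: the two values from the message (0x0C UTF8String, 0x13 PrintableString).
CSRATTRS = tlv(0x30, attribute("550403", 0x0C, "myHostname") + attribute("550405", 0x13, "JABA1234"))
```

`requested_values(CSRATTRS)` returns the commonName and serialNumber values as a flat list, which matches the limitation noted in the message: the RDN structure of the subject DN is not expressed.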