Yet what can be done is to (ab-)use one or more of those Attribute structures 
as elements of CsrAttrs to specify concrete values for individual 
sub-components of the subject DN, 
namely single attributes of RDNs, e.g., 
             SEQUENCE {
               OBJECT IDENTIFIER commonName (2 5 4 3)
               UTF8String "myHostname"
               }
and 
             SEQUENCE {
               OBJECT IDENTIFIER serialNumber (2 5 4 5)
               PrintableString "JABA1234"
               }
Note that in this way one cannot express a particular desired structure of RDNs 
for the subject DN.

At least the above is implementable.

(BTW, the general structure of DNs being a sequence of RDNs, each of which can 
contain a set of name attributes, see 
https://datatracker.ietf.org/doc/html/rfc2253#section-2
is a rather weird thing that is hardly understood and not always implemented 
correctly/completely, but that's a different story).

Is that “weird thing” even necessary?  I feel like dumping a lot of accumulated 
crust and crud that proved to be more trouble than it seems worth…

 


_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
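
The two structures quoted in the message above, DER-encoded and parsed back, as an added example that is not part of the original thread. The helper names are hypothetical, and wrapping the two elements in one outer SEQUENCE to stand in for CsrAttrs is an assumption. The parsed result is a flat list of (OID, string type, value) entries with no RDN grouping, which is the limitation the message notes.

```python
# Added example; helper names are hypothetical, not from the thread.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString"}

def tlv(tag, body):
    if len(body) > 0x7F:
        raise ValueError("only short-form DER lengths are handled here")
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # base-128, last byte first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit set
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def enc_attr(oid, string_tag, text):
    # SEQUENCE { OBJECT IDENTIFIER, <string> } exactly as quoted in the mail
    return tlv(0x30, enc_oid(oid) + tlv(string_tag, text.encode("utf-8")))

def read_tlv(buf, pos=0, want=None):
    tag, n = buf[pos], buf[pos + 1]
    if n & 0x80 or pos + 2 + n > len(buf) or want not in (None, tag):
        raise ValueError("long-form length, truncation or unexpected tag")
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def dec_oid(body):
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                        # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_flat(der):
    _, body, _ = read_tlv(der, 0, 0x30)         # outer SEQUENCE
    out, pos = [], 0
    while pos < len(body):
        _, item, pos = read_tlv(body, pos, 0x30)
        _, oid, p = read_tlv(item, 0, 0x06)
        vtag, val, _ = read_tlv(item, p)
        out.append((dec_oid(oid), STRING_TAGS.get(vtag, hex(vtag)), val.decode("utf-8")))
    return out

# Constructed input; the outer SEQUENCE wrapper is an assumption.
SAMPLE = tlv(0x30, enc_attr("2.5.4.3", 0x0C, "myHostname")
             + enc_attr("2.5.4.5", 0x13, "JABA1234"))
```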
