Thanks for bringing this up Nelson, it's certainly subtle-but-important aspects
of this spec. Peter and I've been editing the spec and are working on
addressing these items.
fwiw..
> The various standards for translating a DER encoded Name into
> a string call for the RDNs to be ordered, left to right, from most specific
> to most general, the reverse of the order in which they appear in the
> DER encoded certificate.
AFAICT, there is only one clear non-implementation-specific specification for a
X.500/LDAP DN string representation, and that's (now) RFC4514 (obsoletes 2253,
which obsoleted 1779, which obsoleted 1485). Is there a DN string rep specified
anywhere in the ISO specs (I can't find one)?
IIRC, quipu (a historical ISODE X.500 implementation) had its own DN string
rep, which was left-to-right, matching the ordering of the DER encoded form in
the certificate.
thanks,
=JeffH
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
