On 2010/04/14 08:32 PDT, =JeffH wrote:
> Thanks for bringing this up Nelson, it's certainly subtle-but-important
> aspects of this spec. Peter and I've been editing the spec and are
> working on addressing these items.
>
> fwiw..
>
>> The various standards for translating a DER encoded Name into a string
>> call for the RDNs to be ordered, left to right, from most specific to
>> most general, the reverse of the order in which they appear in the DER
>> encoded certificate.
>
> AFAICT, there is only one clear non-implementation-specific
> specification for a X.500/LDAP DN string representation, and that's
> (now) RFC4514 (obsoletes 2253, which obsoleted 1779, which obsoleted
> 1485).

Yes, that sequence of RFCs is the set of "various standards" to which I
was referring.

> Is there a DN string rep specified anywhere in the ISO specs (I can't
> find one)?

I'm not aware of one. But people often assume that the tools they most
frequently use implement "the standards". Increasingly I find that people
assume that certain popular free tools ARE "the standard" for these
things. :( And there are numerous free tools at the moment that don't
follow the above-cited RFCs in this respect.

> IIRC, quipu (a historical ISODE X.500 implementation) had its own DN
> string rep, which was left-to-right, matching the ordering of the DER
> encoded form in the certificate.
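Added example, not part of the original message or of any tool mentioned in it: a Python sketch that renders one Name both in RFC 4514 order and in certificate (DER) order, then reports which ordering a displayed string uses. The input model (a list of RDNs in DER order, each a list of short-name/value pairs), the function names, and the sample Name are assumptions constructed for illustration.

```python
# A Name is modelled as a list of RDNs in DER (certificate) order; each RDN
# is a list of (short_type_name, text_value) pairs. This model is an
# assumption of the example, not a parser for DER.

SPECIAL = '"+,;<>\\'  # characters RFC 4514 requires to be backslash-escaped

def escape_value(value):
    """Escape an attribute value as RFC 4514 section 2.4 describes."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                      # NUL becomes \00
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)                   # leading ' '/'#', trailing ' '
        else:
            out.append(ch)
    return "".join(out)

def rdn_to_string(rdn):
    """Join the attributes of a (possibly multi-valued) RDN with '+'."""
    return "+".join(f"{t}={escape_value(v)}" for t, v in rdn)

def rfc4514(name):
    """RFC 4514 order: start with the LAST RDN of the sequence."""
    return ",".join(rdn_to_string(rdn) for rdn in reversed(name))

def der_order(name):
    """Certificate order: most general RDN first, as encoded in DER."""
    return ",".join(rdn_to_string(rdn) for rdn in name)

def classify(displayed, name):
    """Report which ordering a tool used when it displayed this Name."""
    fwd, rev = der_order(name), rfc4514(name)
    if fwd == rev == displayed:
        return "ambiguous"            # single-RDN Names read the same both ways
    if displayed == rev:
        return "rfc4514"
    if displayed == fwd:
        return "der-order"
    return "no-match"

# Constructed sample Name, listed in the order it would appear in the DER.
SAMPLE = [[("C", "US")], [("O", "Example, Inc.")],
          [("OU", "Ops")], [("CN", "www.example.com")]]

if __name__ == "__main__":
    print("RFC 4514 :", rfc4514(SAMPLE))
    print("DER order:", der_order(SAMPLE))
```
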
