The ordering rules in 3.2 contain a paradox:
o Reference identifiers that include the source domain MUST be
preferred over reference identifiers that include a target domain
(if any).
...
o A reference identifier of type CN-ID (if included) MUST always be
the lowest-priority reference identifier in the list.
So in the example given, the CN-ID MUST be 3rd by the former rule, and
MUST be 5th by latter rule.
-- Dan
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
