On 5/12/10 3:36 PM, Sean Turner wrote: > I think a lot of DNs got concocted because X.500 implementers assumed > the examples in X.501 were normative. That is c=, o=, (4) ou=, cn=. > But, you're might be right about no descending ordering can be assumed. > If you look at the subjectName in the datatracker certificate it's: > > CN = *.ietf.org > OU = Terms of use at www.verisign.com/rpa (c)05 > OU = Internet Engineering Task Force > O = IETF Trust > L = Reston > ST = Virginia > C = US > > Is an organization more or less specific than a location?
The Internet encompasses all locations, so in this case C = US is much more specific than OU = Internet Engineering Task Force. ;)
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
