Peter Saint-Andre wrote: > > > So I'm not sure right now what to say about that. I suspect we can still > > stipulate that the only RDN having attr type of CN that we'll pay > > attention to is the one at the far end of the RDN sequence comprising > > the DN. > > We can stipulate that, but is it realistic?
An X.509 cert may contain several CN= components, although this is much less common that multiple OU= components. My own server endpoint identification code (including the original string-representation-based) has always been checking all CN= components of a DName and no matter where within the dinstinguished name they are, but I noticed that Firefox and IE seem to check only one of them. -Martin _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
