The phrease "the (most specific) Common Name field in the subject field" is not plural. There is at most one Common Name attribute in the name that is *the* most specific one. The words "most specific" refer to its position in the list of RDNs, which are arranged (as encoded in the certificate Name field) from most general (first) to most specific (last). So, the most specific Common Name is the last of the Common Name attributes in the sequence of RDNs, as encoded in the certificate.
You can have two AVAs of the same type in the on RDN, i.e. two common names in the same RDN. There the interpretation of most-significant is not clear.
There term of 2818 itself is wrong, there is no such thing a 'Common Name field'. If one puts no more than one AVA of type CN into an RDN, and only one of such RDN, the result is ok. The "(most specific)" is a kind of hint not to put more than one unless you want to attack like a \0 :-) /P PS: I "like" the *.ietf.org cert use by the server 'ietf.org' :-) _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
