> However, if this > legacy identifer configuration is employed, then the server's > fully-qualified DNS domain name MUST be placed in the last (most > specific) RDN within the RDN sequence making up the certificate's > subjectName, as the order of RDNs is determined by the DER- > encoded Name within the server's PKIX certificate.
I always get this wrong, so I assume people less familiar with PKIX do as well. Before you say "(most specific)" as if it was a toss-off, you should define "most specific RDN" as "the last RDN within a sequence", probably in section 1.3. --Paul Hoffman, Director --VPN Consortium _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
