At 10:56 AM +0200 6/21/10, Peter Sylvester wrote:
>On 06/21/2010 10:27 AM, Michael Ströder wrote:
>>Paul Hoffman wrote:
>>
>>>particularly because all of the text examples in RFC 5280 say
>>>"dc=example,dc=com".
>>>
>>And what's wrong with that example?
>>RFC 5280 lists RFC 4514 as informative reference which I read as DNs are in
>>examples are .
>>
>The citation is taken out of context, all examples also include cn like in:
>
>Appendix C.1 contains an annotated hex dump of a "self-signed"
> certificate issued by a CA whose distinguished name is
> cn=Example CA,dc=example,dc=com
>
>and they reference ldap in all parts except appendix C.1
>In C.1 one can read the encoding of that textual representation.
>
> 31 67: SEQUENCE {
> 33 19:   SET {
> 35 17:     SEQUENCE {
> 37 10:       OBJECT IDENTIFIER
>      :         domainComponent (0 9 2342 19200300 100 1 25)
> 49  3:       IA5String 'com'
>      :     }
>      :   }
> 54 23:   SET {
> 56 21:     SEQUENCE {
> 58 10:       OBJECT IDENTIFIER
>      :         domainComponent (0 9 2342 19200300 100 1 25)
> 70  7:       IA5String 'example'
>      :     }
>      :   }
> 79 19:   SET {
> 81 17:     SEQUENCE {
> 83  3:       OBJECT IDENTIFIER commonName (2 5 4 3)
> 88 10:       PrintableString 'Example CA'
>      :     }
>      :   }
>      : }

Exactly. Someone reading the *text* of RFC 5280 would see the components in
left-to-right order; only those who read the non-normative dumps would see that
they actually appear in the certificate in the correct right-to-left order.
No one would ever make the mistake of only reading the normative text, of
course...
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
certid mailing list
https://www.ietf.org/mailman/listinfo/certid
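
The ordering difference discussed in this thread, as an added example that is not part of the original messages or of RFC 5280: a minimal DER walker over the Name bytes re-typed from the quoted Appendix C.1 dump, returning the RDNs in encoded order and in RFC 4514 string order. The function names, the hex constant and the short-name table are this example's own assumptions.

```python
import re

NAME_DER = bytes.fromhex(  # constructed from the quoted dump, offsets 31-99
    "3043"
    "31133011060a0992268993f22c6401191603636f6d"            # dc=com
    "31173015060a0992268993f22c64011916076578616d706c65"    # dc=example
    "311330110603550403130a4578616d706c65204341"            # cn=Example CA
)
SHORT_NAMES = {bytes.fromhex("0992268993f22c640119"): "dc",  # domainComponent
               bytes.fromhex("550403"): "cn"}                # commonName

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def encoded_rdns(name_der):
    """RDNs as [(type, value), ...] lists, in certificate encoding order."""
    tag, seq, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    rdns = []
    for _, rdn_set in children(seq):          # RDNSequence: SEQUENCE OF SET
        atvs = []
        for _, atv in children(rdn_set):      # SET OF SEQUENCE { type, value }
            (_, oid), (_, val) = children(atv)
            # Unknown types fall back to hex here (RFC 4514 wants dotted decimal).
            atvs.append((SHORT_NAMES.get(oid, oid.hex()), val.decode("ascii")))
        rdns.append(atvs)
    return rdns

def rfc4514_string(name_der):
    """RFC 4514 text form: the last-encoded RDN is written first."""
    # Escapes only , + " \ < > ; (leading/trailing space and '#' are not handled).
    esc = lambda s: re.sub(r'([,+"\\<>;])', r"\\\1", s)
    return ",".join("+".join(f"{t}={esc(v)}" for t, v in rdn)
                    for rdn in reversed(encoded_rdns(name_der)))
```

Code that matches or constrains names should work from the `encoded_rdns` order and treat the string form as display only, since the two run in opposite directions.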