Peter Saint-Andre wrote: > > Based on feedback from you and from Kurt, I have changed the foregoing > paragraph to: > > Certificates are binary objects -- they are encoded using > distinguished encoding rules (DER). Thus, the generation of > displayable (a.k.a. printable) renderings of certificate subject and > issuer names means that the DER-encoded sequences are decoded and > converted into a "string representation" before being rendered. > Because a DN is an ordered sequence, order is preserved in the string > representation of a DN. However, because an RDN is an unordered > group of attribute-type-and-value pairs, the string representation of > an RDN can differ from the canonical DER encoding; in the canonical > encoding, the RDN that is nearest to the root of the naming tree is > called the "most significant" RDN and the RDN that is deepest in the > tree (and that therefore distinguishes the relative name) is called > the "most specific" RDN. See [LDAP-DN] for details.
I'm actually confused by refering to one end with "most significant" and the other with "most specific". Couldn't we just drop the "most significant" entirely and use "least specific" / "most specific" for the two ends? -Martin _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
