says the client MAY as a fallback check for a fully-qualified DNS domain name in the last Common Name RDN in the sequence of RDNs making up the Distinguished Name within the certificate's subjectName (where the term "last" refers to the DER order, which is often not the string order presented to a user; the order that is applied here MUST be the DER order).
The text in parentheses 'refers to the order of the ASN.1 sequence'; the last half sentence is superfluous. 'Common Name RDN' is not the correct term (as already explained by many). The text 'In existing certificates ..' starts with a definition which should rather belong to 2.2. A clear separation of 2.2 and 4.4 should be done. There is also redundancy with 4.3 and 4.4.4. In one it is a security note, the other is not. At least the same things are said (at least) twice.
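The DER-order rule in the quoted draft text, as an added example that is not part of the original message or of the draft: a subjectName with two CN attributes is parsed from its DER encoding and compared with the RFC 4514 string form, which lists RDNs last-first. The sample name, its values and all function names are constructed for illustration, and attribute values are assumed to be UTF8String.

```python
CN_OID = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)
O_OID = bytes.fromhex("55040a")   # id-at-organizationName (2.5.4.10)

def tlv(tag, value):
    """Encode one DER TLV (short-form length only, enough for the sample)."""
    return bytes([tag, len(value)]) + value

def rdn(oid, text):
    """SET { SEQUENCE { OID, UTF8String } }: one single-valued RDN."""
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, text.encode())))

# Constructed sample subjectName; the DER order is O, CN, CN.
SAMPLE_NAME = tlv(0x30, rdn(O_OID, "Example Org")
                  + rdn(CN_OID, "Example Web Service")
                  + rdn(CN_OID, "www.example.com"))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV nested directly inside value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def attributes_in_der_order(name_der):
    """Flatten a Name into [(oid, text), ...] in the order the DER encodes."""
    tag, rdn_sequence, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out = []
    for _, rdn_set in children(rdn_sequence):
        for _, atv in children(rdn_set):
            (_, oid), (_, val) = children(atv)
            out.append((oid, val.decode("utf-8")))
    return out

def last_cn_der_order(name_der):
    """The CN the draft text selects: the last one in DER order."""
    cns = [v for oid, v in attributes_in_der_order(name_der) if oid == CN_OID]
    return cns[-1] if cns else None

def cns_in_rfc4514_order(name_der):
    """CN values as an RFC 4514 string lists them (last RDN first)."""
    attrs = attributes_in_der_order(name_der)
    return [v for oid, v in reversed(attrs) if oid == CN_OID]
```

For the sample, a check that takes the last CN from the displayed string would compare against "Example Web Service", while the DER-order rule selects "www.example.com".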
