So, I got a couple of bug reports on my original msg in this thread (thanks!).
It turns out (a) my regex was sorta broken, and (b) the subjectCommonName
column Ivan has in the dbase table has all the "CN" attr values smooshed into
it. So the certs with a subject with just one CN attr-value-assertion (AVA)
will (likely) have a reasonable-looking value (but not necessarily a domain
name) in the subjectCommonName column, but a subject with multiple CN AVAs will
have an odd-looking value in subjectCommonName (like the ones I included in
my orig msg).
Now, as Martin pointed out, the ones that look like this..
www.cebbank.com+2.5.4.5=#130f313030303030303030303131373438
..seem to be an RDName that's comprised of two AVAs, and in the/this DN string
representation, they're conjoined by a "+" char. And yes, as Matt noted, it
seems there's a bug in the parser used for the survey where it apparently
assumed that an RDN beginning with a "CN=" contains only a CN AVA. Also, upon
examining subject names more closely, it appears it properly parsed RDNs where
the CN AVA appears after the first AVA in the RDN. E.g...
2.5.4.5=#13083431343038353030+CN=secure.capis.com
..yielded "secure.capis.com" in the subjectCommonName column, surprisingly
enough.
So, anyway, yes, there are subject name with CN AVAs that have values /other
than/ dns domain names. Sometimes the cert has both natural-language CN values
(i.e. one or more) along with domain name values, sometimes just
natural-language values, but largely the CN values in the overall data are
domain name values.
With a new regex, I count 622 cert entries with at least one natural-language
CN value (they may also have CN values containing domain name-like constructs).
e.g...
CN=USMOTIVATION
CN=MONARCH MARKETING SERVICES (MONARCH GRAPHICS, INC)
CN=NORTH CAROLINA INFORMATION DATA, INC.
I hear tell that the regex-like esatz CN-ID values, e.g...
(www|zeus).asap-solution.com
..are due to at least one browser supporting (but no more?) such constructs.
=JeffH
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
