>>ALL IN ONE services.acheckamerica.com suite.agile1.com www.etimeentry.com ALL
>>IN ONE
>
> Duplicate instances of the same AVA at both ends of the DN (I'd like to see
> that go in an LDAP directory!).
>
>>intranet.zsi.at bibliothek.intranet.zsi.at webmail.intranet.zsi.at
>>wiki.intranet.zsi.at ztools.intranet.zsi.at
>
> This contains a DN with components thrown together in more or less arbitrary
> order, again with CNs at both the start and end of the DN.
>
>>PACKAGING TAPE www.airmovers.com www.carpetextractors.com www.cleanfreak.com
>>www.floorbuffers.com www.floorscrubbers.com www.packagingtapeinc.com
>>www.ptipackaging.com PACKAGING TAPE
>
> Another double-ended DN with all sorts of bizarro (non-CN) components all over
> it.
>
<snip/>
Yes, those are "odd", and as previously noted, the strings you're quoting above
are comprised of extracted & concatenated-with-space-separators CN values that
Ivan "smooshed" all together into one column ("subjectCommonName") in his
database table.
[If folks want to poke at the data themselves, request it from Ivan
http://www.ietf.org/mail-archive/web/certid/current/msg00484.html ]
fyi/fwiw, I count 946 certs in the dbase with more than one "CN" AVA in the
subject DN, out of a total of 867361, so << 1%.
WRT "Duplicate instances of the same AVA at both ends of the DN...", perhaps
RobS can provide some rationale for this practice?
Yes, they obviously aren't backing their CA databases with an X.500-based
directory. I suspect hardly anyone (or even no-one) does so.
=JeffH
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
