Granted the cert even for Cert Use DANE-EE(3) must be well-formed in
order to see what's in it.
But I believe Victor's main point is that the only field *value* that
matters for DANE-EE(3)
is the Public Key. Issuer, Common Name and SubjectAltName are just
deckchairs.
Stephen.
On 1/16/2014 11:45 AM, Stephen Kent wrote:
Martin is correct. This is not well-formed cert as per RFC 5280:
4.1.2.4.Issuer
The issuer field identifies the entity that has signed and issued the
certificate.The issuer field MUST contain a non-empty distinguished
name (DN)
4.1.2.6.Subject
The subject field identifies the entity associated with the public
carried in the subject field and/or the subjectAltName extension.
We issued 5280bis in part to accommodate DANE's use of ss certs.
Please don't
provide examples that are obviously non-complaint relative to basic
PKIX and
X.509 specs.
Steve
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
