[cabfpub] Draft Ballot - Subject Common and Alternative Names
Erwann Abalea
Erwann.Abalea at docusign.com
Fri Apr 15 14:32:37 UTC 2016
Bonjour,
Le 15 avr. 2016 à 08:22, Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>> a écrit :
On Thu, Apr 14, 2016 at 10:28 PM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:
I know at least some platforms had issues with empty subject names.
That's a good point. For example, OS X has this limitation: a leaf certificate with an empty distinguished name, but has subjectAlternativeNames as a non-critical extension will be rejected.
Which is in line with X.509 2012 edition, and RFC5280 (it has been so since RFC2459).
Similarly, a leaf certificate that asserts the CA bit with an empty subject will also be rejected, unless it's flagged as accepted that the leaf can be a CA (mostly, this arises with self-signed certs).
Again, this is correct behavior, and is not a limitation.
Cordialement,
Erwann Abalea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160415/25f056bf/attachment-0003.html>
More information about the Public
mailing list