[cabfpub] Draft Ballot - Subject Common and Alternative Names
Erwann.Abalea at docusign.com
Fri Apr 15 14:32:37 UTC 2016
Le 15 avr. 2016 à 08:22, Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>> a écrit :
On Thu, Apr 14, 2016 at 10:28 PM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:
I know at least some platforms had issues with empty subject names.
That's a good point. For example, OS X has this limitation: a leaf certificate with an empty distinguished name, but has subjectAlternativeNames as a non-critical extension will be rejected.
Which is in line with X.509 2012 edition, and RFC5280 (it has been so since RFC2459).
Similarly, a leaf certificate that asserts the CA bit with an empty subject will also be rejected, unless it's flagged as accepted that the leaf can be a CA (mostly, this arises with self-signed certs).
Again, this is correct behavior, and is not a limitation.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public