[cabfpub] Draft Ballot - Subject Common and Alternative Names

Erwann Abalea Erwann.Abalea at docusign.com
Fri Apr 15 14:32:37 UTC 2016


Le 15 avr. 2016 à 08:22, Ryan Sleevi <sleevi at google.com<mailto:sleevi at google.com>> a écrit :

On Thu, Apr 14, 2016 at 10:28 PM, Peter Bowen <pzb at amzn.com<mailto:pzb at amzn.com>> wrote:

I know at least some platforms had issues with empty subject names.

That's a good point. For example, OS X has this limitation: a leaf certificate with an empty distinguished name, but has subjectAlternativeNames as a non-critical extension will be rejected.

Which is in line with X.509 2012 edition, and RFC5280 (it has been so since RFC2459).

Similarly, a leaf certificate that asserts the CA bit with an empty subject will also be rejected, unless it's flagged as accepted that the leaf can be a CA (mostly, this arises with self-signed certs).

Again, this is correct behavior, and is not a limitation.

Erwann Abalea

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160415/25f056bf/attachment-0003.html>

More information about the Public mailing list