Re: [certid] Need to define "most specific RDN"

Martin Rex <mrex@sap.com> Wed, 30 June 2010 17:46 UTC

Peter Saint-Andre wrote:
> 
> Based on feedback from you and from Kurt, I have changed the foregoing
> paragraph to:
> 
>    Certificates are binary objects -- they are encoded using
>    distinguished encoding rules (DER).  Thus, the generation of
>    displayable (a.k.a. printable) renderings of certificate subject and
>    issuer names means that the DER-encoded sequences are decoded and
>    converted into a "string representation" before being rendered.
>    Because a DN is an ordered sequence, order is preserved in the string
>    representation of a DN.  However, because an RDN is an unordered
>    group of attribute-type-and-value pairs, the string representation of
>    an RDN can differ from the canonical DER encoding; in the canonical
>    encoding, the RDN that is nearest to the root of the naming tree is
>    called the "most significant" RDN and the RDN that is deepest in the
>    tree (and that therefore distinguishes the relative name) is called
>    the "most specific" RDN.  See [LDAP-DN] for details.

I'm actually confused by referring to one end with "most significant" and
the other with "most specific".  Couldn't we just drop the "most significant"
entirely and use "least specific" / "most specific" for the two ends?

-Martin
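
The ordering discussed in the quoted paragraph, as an added example that is not part of the original thread: a constructed DN is DER-encoded, decoded again, and rendered in the [LDAP-DN] (RFC 4514) string form, so the RDN at the end of the encoded sequence (the "most specific" one) appears first in the string. The helper names and sample values are hypothetical; the sketch assumes short-form DER lengths, UTF8String values, and values that need no RFC 4514 escaping.

```python
# Added example with constructed data; minimal DER handling, stdlib only.
OIDS = {bytes.fromhex("55040a"): "O", bytes.fromhex("55040b"): "OU",
        bytes.fromhex("550403"): "CN"}          # 2.5.4.10, 2.5.4.11, 2.5.4.3
NAMES = {v: k for k, v in OIDS.items()}

def tlv(tag, body):
    assert len(body) < 128, "example supports short-form lengths only"
    return bytes([tag, len(body)]) + body

def encode_name(rdns):
    """rdns is in encoded order (root first); each RDN is a list of (type, value)."""
    out = b""
    for rdn in rdns:
        atvs = [tlv(0x30, tlv(0x06, NAMES[t]) + tlv(0x0C, v.encode())) for t, v in rdn]
        out += tlv(0x31, b"".join(sorted(atvs)))  # DER sorts SET OF by encoding
    return tlv(0x30, out)

def read_tlvs(buf):
    """Split a buffer into (tag, body) pairs."""
    items, i = [], 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        assert length < 128, "example supports short-form lengths only"
        items.append((tag, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return items

def decode_name(der):
    """Return the RDNs in encoded order, root first."""
    (tag, body), = read_tlvs(der)
    assert tag == 0x30, "Name is a SEQUENCE OF RDN"
    rdns = []
    for tag, rdn_body in read_tlvs(body):
        assert tag == 0x31, "an RDN is a SET OF attribute-type-and-value"
        rdn = []
        for _, atv in read_tlvs(rdn_body):
            (_, oid), (_, val) = read_tlvs(atv)
            rdn.append((OIDS[oid], val.decode()))
        rdns.append(rdn)
    return rdns

def most_specific_rdn(rdns):
    return rdns[-1]   # deepest in the naming tree = last in the encoded sequence

def ldap_string(rdns):
    # The RFC 4514 string form starts with the LAST RDN of the sequence.
    return ",".join("+".join(f"{t}={v}" for t, v in rdn) for rdn in reversed(rdns))

# Constructed sample: the last RDN is multi-valued and written CN-first.
SAMPLE = [[("O", "Example Corp")], [("OU", "Engineering")],
          [("CN", "www.example.com"), ("OU", "Web")]]
```

Inside the multi-valued RDN the decoded order follows the DER sort, not the order the values were written in, so code that extracts an identity from the most specific RDN should select by attribute type rather than by position.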