Re: [certid] Need to define "most specific RDN"

Love Hörnquist Åstrand <lha@apple.com> Wed, 30 June 2010 20:50 UTC

References: <201006301746.o5UHkIsE019133@fs4113.wdf.sap.corp> <4C2B843A.5010206@stpeter.im>
In-reply-to: <4C2B843A.5010206@stpeter.im>
Message-id: <5571525D-A0FF-4A9B-A040-1F2DFDEFE491@apple.com>
From: Love Hörnquist Åstrand <lha@apple.com>
Date: Wed, 30 Jun 2010 13:51:59 -0700
To: Peter Saint-Andre <stpeter@stpeter.im>
Cc: "certid@ietf.org" <certid@ietf.org>
Subject: Re: [certid] Need to define "most specific RDN"

On 30 Jun 2010, at 10:51, Peter Saint-Andre <stpeter@stpeter.im> wrote:

> On 6/30/10 11:46 AM, Martin Rex wrote:
>> Peter Saint-Andre wrote:
>>> 
>>> Based on feedback from you and from Kurt, I have changed the foregoing
>>> paragraph to:
>>> 
>>>   Certificates are binary objects -- they are encoded using
>>>   distinguished encoding rules (DER).  Thus, the generation of
>>>   displayable (a.k.a. printable) renderings of certificate subject and
>>>   issuer names means that the DER-encoded sequences are decoded and
>>>   converted into a "string representation" before being rendered.
>>>   Because a DN is an ordered sequence, order is preserved in the string
>>>   representation of a DN.  However, because an RDN is an unordered
>>>   group of attribute-type-and-value pairs, the string representation of
>>>   an RDN can differ from the canonical DER encoding; in the canonical
>>>   encoding, the RDN that is nearest to the root of the naming tree is
>>>   called the "most significant" RDN and the RDN that is deepest in the
>>>   tree (and that therefore distinguishes the relative name) is called
>>>   the "most specific" RDN.  See [LDAP-DN] for details.
>> 
>> I'm actually confused by referring to one end with "most significant" and
>> the other with "most specific".  Couldn't we just drop the "most significant"
>> entirely and use "least specific" / "most specific" for the two ends?
> 
> Given that we never use the term "most significant" in this I-D, I'd say
> we can remove any mention of it.

Peter,

Can you please add a DER-encoded Name, the asn1parse/dump version of the name, and the LDAP string version, with annotations of what the different parts are called? This confuses me every time I try to parse the RFCs and drafts.

Thanks
Love

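The three views Love asks for (DER octets, an asn1parse-style dump, and the RFC 4514 string with each RDN labelled) side by side, as an added example that is not part of this thread and not code from the draft or its authors. It builds a constructed sample Name root-first, exactly as the DER SEQUENCE orders it, and renders the LDAP string in the reverse order, so the RDN that is last in DER ("most specific", deepest in the tree) comes first in the string. It goes slightly beyond the quoted paragraph by including a two-valued RDN (OU+CN), which shows why an RDN is "unordered": DER sorts the SET members by their encoding, while the string form may list them in either order. Assumptions of this demo: only four attribute types are known by short name, values are encoded as UTF8String except countryName (PrintableString, per RFC 5280), and the dump format only imitates openssl's `asn1parse` output.

```python
# Added example (not from the thread): X.501 Name <-> DER <-> RFC 4514 string, with a
# small asn1parse-style dumper. Stdlib only; OID table and sample Name are constructed.
from typing import List, Tuple

OID_NAMES = {"2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.3": "CN"}  # assumed subset
SEQ, SET, OID, UTF8, PRINTABLE = 0x30, 0x31, 0x06, 0x0C, 0x13
TAG_NAMES = {SEQ: "SEQUENCE", SET: "SET", OID: "OBJECT", UTF8: "UTF8STRING", PRINTABLE: "PRINTABLESTRING"}
# RDNs root-first, as in the DER SEQUENCE; each RDN is a SET of (dotted OID, value) pairs.
Name = List[List[Tuple[str, str]]]


def tlv(tag: int, body: bytes) -> bytes:
    """Tag + DER definite length (short form below 128, minimal long form above) + body."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first octet packs the first two arcs
    for arc in arcs[2:]:  # base-128, high bit set on every octet but the last
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(OID, bytes(out))


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0  # correct for the 2.5.4.x attribute arcs used here
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int, int]:
    """Return (tag, body, header_length, position after this TLV) for the element at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        hdr, length = 2, first
    else:
        hdr = 2 + (first & 0x7F)
        length = int.from_bytes(buf[pos + 2:pos + hdr], "big")
    return tag, buf[pos + hdr:pos + hdr + length], hdr, pos + hdr + length


def encode_name(name: Name) -> bytes:
    rdns = []
    for rdn in name:
        # countryName must be PrintableString (RFC 5280); DER SET OF orders members by their encoding,
        # so a multi-valued RDN gets one canonical encoding whatever order the caller listed it in.
        avas = sorted(tlv(SEQ, encode_oid(o) + tlv(PRINTABLE if o == "2.5.4.6" else UTF8, v.encode()))
                      for o, v in rdn)
        rdns.append(tlv(SET, b"".join(avas)))
    return tlv(SEQ, b"".join(rdns))


def decode_name(der: bytes) -> Name:
    tag, seq, _, _ = read_tlv(der, 0)
    assert tag == SEQ, "Name must be a SEQUENCE OF RelativeDistinguishedName"
    name, pos = [], 0
    while pos < len(seq):
        tag, rdn_body, _, pos = read_tlv(seq, pos)
        assert tag == SET, "RDN must be a SET OF AttributeTypeAndValue"
        rdn, p = [], 0
        while p < len(rdn_body):
            _, ava, _, p = read_tlv(rdn_body, p)        # AttributeTypeAndValue SEQUENCE
            _, oid_body, _, q = read_tlv(ava, 0)        # type
            _, val, _, _ = read_tlv(ava, q)             # value
            rdn.append((decode_oid(oid_body), val.decode()))
        name.append(rdn)
    return name


def asn1_dump(buf: bytes, depth: int = 0, base: int = 0) -> List[str]:
    """openssl asn1parse-style lines: offset, depth, header length, body length, tag, decoded value."""
    lines, pos = [], 0
    while pos < len(buf):
        tag, body, hdr, nxt = read_tlv(buf, pos)
        cons = bool(tag & 0x20)
        val = " :" + decode_oid(body) if tag == OID else " :" + body.decode() if tag in (UTF8, PRINTABLE) else ""
        lines.append(f"{base + pos:5d}:d={depth} hl={hdr} l={len(body):4d} "
                     f"{'cons' if cons else 'prim'}: {TAG_NAMES.get(tag, hex(tag))}{val}")
        if cons:
            lines += asn1_dump(body, depth + 1, base + pos + hdr)
        pos = nxt
    return lines


def escape_value(v: str) -> str:
    """RFC 4514 2.4: escape the special characters, a leading '#' or space, a trailing space, and NUL."""
    out = []
    for i, ch in enumerate(v):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (ch == "#" and i == 0) or (ch == " " and i in (0, len(v) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldap_string(name: Name) -> str:
    """RFC 4514 string form: RDNs most specific first, i.e. the DER SEQUENCE reversed; '+' joins a multi-valued RDN."""
    return ",".join("+".join(f"{OID_NAMES.get(o, o)}={escape_value(v)}" for o, v in rdn) for rdn in reversed(name))


# Constructed sample, root-first: C, then O, then a two-valued RDN (OU+CN) as the leaf.
SAMPLE: Name = [[("2.5.4.6", "SE")], [("2.5.4.10", "Example, Inc.")], [("2.5.4.11", "PKI"), ("2.5.4.3", "Love")]]

if __name__ == "__main__":
    der = encode_name(SAMPLE)
    print("DER:", der.hex())
    print("\n".join(asn1_dump(der)))
    print("least specific RDN = first in DER, last in LDAP string:", SAMPLE[0])
    print("most specific RDN  = last in DER, first in LDAP string:", SAMPLE[-1])
    print("LDAP string:", ldap_string(decode_name(der)))
```

Running it prints the 66-byte DER hex, a 16-line dump, and the string `OU=PKI+CN=Love,O=Example\, Inc.,C=SE`; note the comma inside the O value is escaped so it is not mistaken for an RDN separator, and that listing the OU+CN pair in the opposite order yields byte-identical DER.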