[x500standard] Inconsistency in X.509

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: "Directory list" <x500standard@xxxxxxxxxxxxx>, "SG17-Q11" <t09sg17q11@xxxxxxxxxxxxx>
  • Date: Tue, 12 Jul 2011 16:13:08 +0200

Hi Folks,

Note 2 of 8.3.2.1 (which should not be a note) states that the value of the
public-key certificate subject field may hold an empty DN under certain
conditions. The note of 8.3.2.2 states something similar for the issuer
field.

Somewhere down in clause 7, a little before the CertificationPath data type,
the following statement may be found:

The issuer and subject fields of each certificate are used, in part, to
identify a valid path. For each pair of adjacent certificates in a valid
certification path, the value of the subject field in one certificate shall
match the value of the issuer field in the subsequent certificate. In
addition, the value of the issuer field in the first certificate shall match
the DN of the trust anchor. Only the names in these fields are used when
checking validity of a certification path. Names in certificate extensions
are not used for this purpose.

What is true?

Erik Andersen
Andersen's L-Service
Elsevej 48,
DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@xxxxxxx
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/
http://dk.linkedin.com/in/andersenerik
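
Added example, not part of the original post: a sketch of the name-chaining rule quoted from clause 7, showing where an empty DN in a subject or issuer field makes the comparison succeed without identifying anything. The `Cert` model, the simplified DN comparison and all sample names are assumptions constructed for illustration.

```python
from typing import NamedTuple

# A DN is modelled as a tuple of (attribute type, value) pairs; () is the empty DN.
class Cert(NamedTuple):
    issuer: tuple
    subject: tuple

def _norm(dn):
    # Assumption: case-insensitive, whitespace-collapsed comparison stands in for
    # the per-attribute matching rules a real implementation applies.
    return tuple((t.lower(), " ".join(v.split()).lower()) for t, v in dn)

def dn_match(a, b):
    return _norm(a) == _norm(b)

def check_name_chain(anchor_dn, path):
    """Apply the quoted chaining rule; return findings (empty list = clean chain)."""
    if not path:
        return ["empty path"]
    findings = []
    # Pair 0 is (trust anchor DN, issuer of first cert); later pairs are
    # (subject of cert i-1, issuer of cert i).
    pairs = [("trust anchor", anchor_dn, path[0].issuer)]
    pairs += [(f"cert {i} subject", c.subject, n.issuer)
              for i, (c, n) in enumerate(zip(path, path[1:]))]
    for i, (label, upper, issuer) in enumerate(pairs):
        if not dn_match(upper, issuer):
            findings.append(f"{label} != cert {i} issuer")
        elif not upper:
            # Names are equal, but only because both are empty.
            findings.append(f"{label} and cert {i} issuer are both empty")
    return findings

# Constructed sample names and paths (not taken from any real PKI).
ROOT = (("CN", "Example Root"),)
CA = (("CN", "Example CA"),)
LEAF = (("CN", "host.example"),)

GOOD = [Cert(ROOT, CA), Cert(CA, LEAF)]
EMPTY_LEAF = [Cert(ROOT, CA), Cert(CA, ())]      # empty subject at end of path
EMPTY_MIDDLE = [Cert(ROOT, ()), Cert((), LEAF)]  # empty subject used for chaining
BROKEN = [Cert(ROOT, CA), Cert(ROOT, LEAF)]

if __name__ == "__main__":
    for name, p in [("good", GOOD), ("empty leaf", EMPTY_LEAF),
                    ("empty middle", EMPTY_MIDDLE), ("broken", BROKEN)]:
        print(name, check_name_chain(ROOT, p))
```

An empty subject on the last certificate never takes part in a subject/issuer comparison, so only an empty name higher in the path (or an empty trust anchor DN) produces a finding.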

 
