[kmf-discuss] CSRVersion
Massimiliano Pala
pala at cs.dartmouth.edu
Wed Mar 21 22:14:03 PDT 2007
Wyllys Ingersoll wrote:
> Currently, no, but I can fix that. It is legal to have an empty subject
> as long as their is a subjAltName, correct?
Well, this is right for certificates. For requests, AFAIK, there is no such
a requirement for the Subject field. I think it is not OPTIONAL, but an empty
encoding should be allowed.
For certificates, if the certificate is a CA certificate, the Subject should
not be empty, otherwise there are no strict requirements---If I do remember
it correctly.
Cheers,
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala at cs.dartmouth.edu
project.manager at openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3088 bytes
Desc: S/MIME Cryptographic Signature
Url : http://oss-beta1.opensolaris.org/pipermail/kmf-discuss/attachments/20070322/b0288f75/attachment.bin
More information about the kmf-discuss
mailing list