You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some extra text is needed to align commonName use with the restriction around subject givenName, surname and pseudonym.
If a subject:pseudonym is present, then subject:givenName and/or subject:surname should be absent and vice versa. However, if a subject:pseudonym is present, it's currently still possible to have a Personal Name in the commonName which seems at odds with the existing rule. Similarly, one could have a certificate containing a subject:givenName and subject:surname and then put one's pseudonym in the commonName despite the fact that there is a rule in place which would prevent the pseudonym being put into a subject:pseudonym field.
I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:
“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”
“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”
The text was updated successfully, but these errors were encountered:
Some extra text is needed to align commonName use with the restriction around subject givenName, surname and pseudonym.
If a subject:pseudonym is present, then subject:givenName and/or subject:surname should be absent and vice versa. However, if a subject:pseudonym is present, it's currently still possible to have a Personal Name in the commonName which seems at odds with the existing rule. Similarly, one could have a certificate containing a subject:givenName and subject:surname and then put one's pseudonym in the commonName despite the fact that there is a rule in place which would prevent the pseudonym being put into a subject:pseudonym field.
I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:
“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”
“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”
The text was updated successfully, but these errors were encountered: