Re: authmeth-16 TLS issues



Leaf RDN is another possibility

>>> Howard Chu <hyc@highlandsun.com> 10/20/05 2:52:09 pm >>>
Hallvard B Furuseth wrote:
> Roger Harrison writes:

>> The server's identity may also be verified by comparing the reference
>> identity to the Common Name value of the least significant RDN of the
>> subjectName field of the server's certificate.  Note that the TLS
>> implementation may display DNs in certificates according to X.509's
>> rules rather than LDAP's rules.  For example, RDNs in a DN may be
>> ordered left-to-right instead of right-to-left.

Upon further reflection, I would make this

   Note that the TLS
   implementation may display DNs in certificates according to X.509's
   conventions rather than LDAP's rules.

as there really are no rules in X.500 for displaying DNs.

> I still think "the RDN" is clearer than "the least significant RDN",
> since I'm not used to the term "least significant" with this meaning for
> non-numbers.

Another choice could be "most inferior" though it's not much better.
But, both terms are in keeping with the X.500 definition of a DN.

I guess "the RDN" is better if it is more explicitly qualified:

   The server's identity may also be verified by comparing the reference
   identity to the value of the Common Name attribute in the RDN of the
   entity named by the server certificate's DN.

I.e., a DN is a sequence of RDNs, but only one RDN names the entity in
question, the others name the parents/ancestors.

--
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/
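The ordering point Howard makes above, as an added Python example that is not part of the thread: a certificate subject is a root-first sequence of RDNs (X.509 convention), so the RDN naming the entity itself is the last one, whereas the LDAP string form lists it first. The sample subject, hostnames and the simplified escaping rules are constructed for illustration.

```python
import re

# Constructed sample subject Name in X.509 order: a SEQUENCE of RDNs, root first,
# so the entity's own (leaf) RDN is last.  An RDN is a list of (type, value)
# pairs because it may be multi-valued.
X509_SUBJECT = [
    [("C", "US")],
    [("O", "Example Corp")],
    [("OU", "Directory")],
    [("CN", "ldap.example.com")],
]

def leaf_common_name(x509_name):
    """CN value of the leaf RDN (last in X.509 order), or None if it has no CN."""
    for attr_type, value in x509_name[-1]:
        if attr_type.upper() == "CN":
            return value
    return None

def _split_unescaped(s, sep):
    """Split on sep, keeping backslash escapes intact for a later unescape."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur, i = cur + s[i:i + 2], i + 2
        elif s[i] == sep:
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + s[i], i + 1
    return parts + [cur]

def to_ldap_string(x509_name):
    """LDAP string form (RFC 4514 style): RDNs leaf first, special chars escaped."""
    esc = lambda v: "".join("\\" + c if c in ',+"\\<>;=' else c for c in v)
    return ",".join("+".join(f"{t}={esc(v)}" for t, v in rdn)
                    for rdn in reversed(x509_name))

def from_ldap_string(dn):
    """Parse an LDAP DN string (backslash-char escapes only) back to X.509 order."""
    name = []
    for rdn in _split_unescaped(dn, ","):
        avas = [ava.split("=", 1) for ava in _split_unescaped(rdn, "+")]
        name.append([(t.strip(), re.sub(r"\\(.)", r"\1", v)) for t, v in avas])
    return name[::-1]

def server_identity_matches(reference_identity, x509_name):
    """Compare the reference identity to the leaf-RDN CN (hostnames are case-insensitive)."""
    cn = leaf_common_name(x509_name)
    return cn is not None and cn.lower() == reference_identity.lower()
```

Reading the first RDN of the X.509 sequence instead of the last yields the root (here `C=US`), which is why the draft's "least significant RDN" wording matters.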