Salz, Rich wrote: [ Charset UTF-8 unsupported, converting... ] > > The organization info (O, L, ST, C, etc...) is supposed to differ in that > > case (CN > > is just one field of DN), rendering the full DNs distinct. > > But where and how is that enforced, or enforceable? Again, any links to show > I'm wrong?
In theory: using Directory Name SubjectNameConstraints to enforce a hierarchical Naming on all Subject Names and one single hierarchy of CAs. (Just that this doesn't work for dozens of independent PKIs environments like the SSLiverse...) -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
