Actually, according to 802.1AR-2009, the subject MUST contain a DN with serial number, and it may contain a SAN (e.g., don’t count on it). That’s the major concern. To me, the rest is really negotiable.
Here’s the text:

The DevID subject field shall uniquely identify the device associated with the particular DevID credential within the issuer’s domain of significance. The formatting of this field shall contain a unique X.500 Distinguished Name (DN). This may include the unique device serial number assigned by the manufacturer or any other suitable unique DN value that the issuer prefers. In the case of a third-party CA or a standards certification agency, this can contain the manufacturer’s identity information.

That’s a pretty broad range. I don’t claim that this is the only use of subjects, but it is one such use.
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta