SCVP uses wild characters for validationNames, not for names included in certificates. Until I have a clue to understand where "three additional lines" (which ones?) would be included in RFC 3280bis, I disagree.
SCVP seems ambiguous in this sense. Names may contain the wildcard character * which is considered to match any single domain name component. That is, *.a.com matches foo.a.com but not bar.foo.a.com. To me it is not clear what "Names" refers to because in the previous sentences 'name' is used for both cases.
The name validation algorithm allows the client to specify one or more subject names that MUST appear in the end certificate in addition to the requirements specified for the basic validation algorithm. The name validation algorithm allows the client to supply an application identifier and a name to the server. The application identifier defines the name matching rules to use in comparing the name supplied in the request with the names in the certificate.
I have no problem not allowing wildcards in subjectAltName.
--
To verify the signature, see http://edelpki.edelweb.fr/ This lets you load the authority's certificate; you will also find the list of revoked certificates there.
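The single-component wildcard rule quoted in the message, and the two readings of which side may carry the wildcard, shown as an added example that is not part of the original message or of the SCVP specification. The function names and the `wildcard_in` parameter are hypothetical, and the sample names are constructed.

```python
def split_labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def wildcard_match(pattern, name):
    """True if `name` matches `pattern`, where a label that is exactly '*'
    stands for one whole label (never zero labels, never several)."""
    p, n = split_labels(pattern), split_labels(name)
    if len(p) != len(n) or "" in n:
        return False  # label counts differ, or the name has an empty label
    return all(pl == "*" or pl == nl for pl, nl in zip(p, n))


def names_satisfied(requested, cert_names, wildcard_in):
    """Every requested name must be matched by some certificate name.

    wildcard_in="request":     '*' is honoured only in the client-supplied
                               names; certificate names are literal.
    wildcard_in="certificate": '*' is honoured only in certificate names;
                               requested names are literal.
    (Hypothetical switch modelling the two readings discussed above.)
    """
    if wildcard_in == "request":
        hit = lambda req, cert: wildcard_match(req, cert)
    elif wildcard_in == "certificate":
        hit = lambda req, cert: wildcard_match(cert, req)
    else:
        raise ValueError("wildcard_in must be 'request' or 'certificate'")
    return all(any(hit(r, c) for c in cert_names) for r in requested)


if __name__ == "__main__":
    # Constructed sample names, taken from the a.com example in the text.
    for side in ("request", "certificate"):
        print(side,
              names_satisfied(["*.a.com"], ["foo.a.com"], side),
              names_satisfied(["foo.a.com"], ["*.a.com"], side))
```

The same pair of names is accepted under one reading and rejected under the other, which is why it matters which "Names" the wildcard sentence applies to.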