Santosh Chokhani wrote:
RFC says "The relationship between the subject organization and the subject organization logotype, and the relationship between the issuer and either the issuer organization logotype or the community logotype, are relationships asserted by the issuer." It tends to imply that the logotype is predefined data and not in the certificate request payload.
I'd feel better if it were explicit that the subject logotype is provided by the issuer.
As it is, I think it can be read either way. The issuer asserts everything in the cert, after all, but it didn't create it all; much was provided by the applicant.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature